163 matches found
CVE-2023-51807
Cross Site Scripting vulnerability in OFCMS v.1.14 allows a remote attacker to obtain sensitive information via a crafted payload to the title addition component...
CVE-2023-24760
An issue found in Ofcms v.1.1.4 allows a remote attacker to to escalate privileges via the respwd method in SysUserController...
CVE-2022-29653
OFCMS v1.1.4 was discovered to contain a cross-site scripting XSS vulnerability via the component /admin/comn/service/update.json...
CVE-2022-27961
A cross-site scripting XSS vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box...
CVE-2019-9613
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/ueditor/uploadVideo URI...
CVE-2019-9617
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/ueditor/uploadFile URI...
CVE-2019-9616
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/ueditor/uploadScrawl URI...
CVE-2019-9614
An issue was discovered in OFCMS before 1.1.3. A command execution vulnerability exists via a template file with ' $ ex"' followed by the command...
CVE-2019-9615
An issue was discovered in OFCMS before 1.1.3. It allows admin/system/generate/create?sql= SQL injection, related to SystemGenerateController.java...
CVE-2019-9609
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/comn/service/editUploadImage URI...
CVE-2019-9611
An issue was discovered in OFCMS before 1.1.3. It allows admin/cms/template/getTemplates.html?respath=res directory traversal, with ../ in the dir parameter, to write arbitrary content in the filecontent parameter into an arbitrary file specified by the filename parameter. This is related to the...
CVE-2019-9610
An issue was discovered in OFCMS before 1.1.3. It has admin/cms/template/getTemplates.html?respath=resdir=../ directory traversal, related to the getTemplates function in TemplateController.java...
CVE-2019-9612
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/comn/service/upload URI...
CVE-2019-9608
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/ueditor/uploadImage URI...
CVE-2025-1557
A vulnerability, which was classified as problematic, was found in OFCMS 1.1.3. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used...
CVE-2025-1557
A vulnerability, which was classified as problematic, was found in OFCMS 1.1.3. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used...
CVE-2025-1557
A vulnerability, which was classified as problematic, was found in OFCMS 1.1.3. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used...
CVE-2025-1557
CVE-2025-1557 concerns OFCMS 1.1.3 where an unknown function allows cross-site request forgery (CSRF). The manipulation enables a remote attacker to exploit the vulnerability, with the exploit publicly disclosed. Multiple connected sources consistently identify CSRF as the impact vector and OFCMS...
CVE-2025-1557 OFCMS cross-site request forgery
A vulnerability, which was classified as problematic, was found in OFCMS 1.1.3. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used...
CVE-2025-1557 OFCMS cross-site request forgery
A vulnerability, which was classified as problematic, was found in OFCMS 1.1.3. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used...