445 matches found
CVE-2025-69437
PublicCMS v5.202506.d and earlier is vulnerable to stored XSS. Uploaded PDFs can contain JavaScript payloads and bypass PDF security checks in the backend CmsFileUtils.java. If a user uploads a PDF file containing a malicious payload to the system and views it, the embedded JavaScript payload can...
PT-2026-22348
Name of the Vulnerable Software and Affected Versions PublicCMS versions prior to 5.202506.d Description The software contains a stored cross-site scripting XSS issue. Uploaded PDF files can include JavaScript payloads that bypass security checks within the backend CmsFileUtils.java. When a user...
CVE-2025-69437
PublicCMS v5.202506.d and earlier is vulnerable to stored XSS. Uploaded PDFs can contain JavaScript payloads and bypass PDF security checks in the backend CmsFileUtils.java. If a user uploads a PDF file containing a malicious payload to the system and views it, the embedded JavaScript payload can...
PT-2026-22297
A weakness has been identified in Sanluan PublicCMS 6.202506.d. This impacts the function saveMetadata of the file TemplateCacheComponent.java of the component Template Cache Generation. Executing a manipulation can lead to path traversal. The attack can be executed remotely. The exploit has been...
CVE-2025-69437
PublicCMS v5.202506.d and earlier are exposed to a stored XSS flaw in the Pdf handling path. Uploaded PDFs can carry JavaScript payloads that bypass backend checks in CmsFileUtils.java and when viewed by a user can trigger the embedded payload, potentially enabling credential theft and arbitrary ...
PublicCMS 路径遍历漏洞
PublicCMS is an open-source content management system CMS developed in Java by PublicCMS Company in China. Version 6.202506.d of PublicCMS has a path traversal vulnerability. This vulnerability stems from incorrect operations on the saveMetadata function in the Template Cache Generation component...
CVE-2025-69437
PublicCMS v5.202506.d and earlier is vulnerable to stored XSS. Uploaded PDFs can contain JavaScript payloads and bypass PDF security checks in the backend CmsFileUtils.java. If a user uploads a PDF file containing a malicious payload to the system and views it, the embedded JavaScript payload can...
CVE-2026-2010
A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d. Impacted is the function Paid of the file publiccms-parent/publiccms-trade/src/main/java/com/publiccms/logic/service/trade/TradePaymentService.java of the component Trade Payment Handler. The manipulatio...
EUVD-2026-5690
A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d. Impacted is the function Paid of the file publiccms-parent/publiccms-trade/src/main/java/com/publiccms/logic/service/trade/TradePaymentService.java of the component Trade Payment Handler. The manipulatio...
CVE-2026-2010
A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d. Impacted is the function Paid of the file publiccms-parent/publiccms-trade/src/main/java/com/publiccms/logic/service/trade/TradePaymentService.java of the component Trade Payment Handler. The manipulatio...
CVE-2026-2010 Sanluan PublicCMS Trade Payment TradePaymentService.java paid improper authorization
A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d. Impacted is the function Paid of the file publiccms-parent/publiccms-trade/src/main/java/com/publiccms/logic/service/trade/TradePaymentService.java of the component Trade Payment Handler. The manipulatio...
CVE-2026-2010 Sanluan PublicCMS Trade Payment TradePaymentService.java paid improper authorization
A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d. Impacted is the function Paid of the file publiccms-parent/publiccms-trade/src/main/java/com/publiccms/logic/service/trade/TradePaymentService.java of the component Trade Payment Handler. The manipulatio...
CVE-2026-2010
CVE-2026-2010 affects Sanluan PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d. The vulnerability resides in the Paid function of TradePaymentService.java (path: publiccms-parent/publiccms-trade/src/main/java/com/publiccms/logic/service/trade/TradePaymentService.java) and is due to manipulation...
CVE-2026-2010 Sanluan PublicCMS Trade Payment TradePaymentService.java paid improper authorization
A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d. Impacted is the function Paid of the file publiccms-parent/publiccms-trade/src/main/java/com/publiccms/logic/service/trade/TradePaymentService.java of the component Trade Payment Handler. The manipulatio...
PublicCMS 授权问题漏洞
PublicCMS is an open-source content management system CMS developed by PublicCMS Company in China using the Java language. There is an authorization issue in PublicCMS; this issue stems from a mistake in the parameter paymentId of the function Paid within the component Trade Payment Handler,...
PT-2026-6688
Name of the Vulnerable Software and Affected Versions Sanluan PublicCMS versions 4.0.202506.d through 6.202506.d Description A security issue exists in Sanluan PublicCMS related to improper authorization. The Paid function within the TradePaymentService.java file, located at...
CVE-2026-1111
A vulnerability has been found in Sanluan PublicCMS up to 5.202506.d. This impacts the function Save of the file com/publiccms/controller/admin/sys/TaskTemplateAdminController.java of the component Task Template Management Handler. Such manipulation of the argument path leads to path traversal. T...
CVE-2026-1112
A vulnerability was found in Sanluan PublicCMS up to 5.202506.d. Affected is the function delete of the file publiccms-trade/src/main/java/com/publiccms/controller/web/trade/TradeAddressController.java of the component Trade Address Deletion Endpoint. Performing a manipulation of the argument ids...
CVE-2026-1111
A vulnerability has been found in Sanluan PublicCMS up to 5.202506.d. This impacts the function Save of the file com/publiccms/controller/admin/sys/TaskTemplateAdminController.java of the component Task Template Management Handler. Such manipulation of the argument path leads to path traversal. T...
CVE-2026-1112 Sanluan PublicCMS Trade Address Deletion Endpoint TradeAddressController.java delete improper authorization
A vulnerability was found in Sanluan PublicCMS up to 5.202506.d. Affected is the function delete of the file publiccms-trade/src/main/java/com/publiccms/controller/web/trade/TradeAddressController.java of the component Trade Address Deletion Endpoint. Performing a manipulation of the argument ids...