Lucene search
+L

445 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/27 12:0 a.m.4 views

CVE-2025-69437

PublicCMS v5.202506.d and earlier is vulnerable to stored XSS. Uploaded PDFs can contain JavaScript payloads and bypass PDF security checks in the backend CmsFileUtils.java. If a user uploads a PDF file containing a malicious payload to the system and views it, the embedded JavaScript payload can...

8.7CVSS6AI score0.00345EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.11 views

PT-2026-22348

Name of the Vulnerable Software and Affected Versions PublicCMS versions prior to 5.202506.d Description The software contains a stored cross-site scripting XSS issue. Uploaded PDF files can include JavaScript payloads that bypass security checks within the backend CmsFileUtils.java. When a user...

8.7CVSS5.9AI score0.00345EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/02/27 12:0 a.m.23 views

CVE-2025-69437

PublicCMS v5.202506.d and earlier is vulnerable to stored XSS. Uploaded PDFs can contain JavaScript payloads and bypass PDF security checks in the backend CmsFileUtils.java. If a user uploads a PDF file containing a malicious payload to the system and views it, the embedded JavaScript payload can...

0.00345EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.13 views

PT-2026-22297

A weakness has been identified in Sanluan PublicCMS 6.202506.d. This impacts the function saveMetadata of the file TemplateCacheComponent.java of the component Template Cache Generation. Executing a manipulation can lead to path traversal. The attack can be executed remotely. The exploit has been...

6.5CVSS6.2AI score0.00684EPSS
Exploits1References5
CVE
CVE
added 2026/02/27 12:0 a.m.32 views

CVE-2025-69437

PublicCMS v5.202506.d and earlier are exposed to a stored XSS flaw in the Pdf handling path. Uploaded PDFs can carry JavaScript payloads that bypass backend checks in CmsFileUtils.java and when viewed by a user can trigger the embedded payload, potentially enabling credential theft and arbitrary ...

8.7CVSS6AI score0.00345EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.8 views

PublicCMS 路径遍历漏洞

PublicCMS is an open-source content management system CMS developed in Java by PublicCMS Company in China. Version 6.202506.d of PublicCMS has a path traversal vulnerability. This vulnerability stems from incorrect operations on the saveMetadata function in the Template Cache Generation component...

9.8CVSS6.6AI score0.00684EPSS
Exploits1References5
OSV
OSV
added 2026/02/27 12:0 a.m.5 views

CVE-2025-69437

PublicCMS v5.202506.d and earlier is vulnerable to stored XSS. Uploaded PDFs can contain JavaScript payloads and bypass PDF security checks in the backend CmsFileUtils.java. If a user uploads a PDF file containing a malicious payload to the system and views it, the embedded JavaScript payload can...

8.7CVSS5.8AI score0.00345EPSS
Exploits1References3
NVD
NVD
added 2026/02/06 8:15 a.m.9 views

CVE-2026-2010

A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d. Impacted is the function Paid of the file publiccms-parent/publiccms-trade/src/main/java/com/publiccms/logic/service/trade/TradePaymentService.java of the component Trade Payment Handler. The manipulatio...

4.2CVSS0.00325EPSS
Exploits1References7
EUVD
EUVD
added 2026/02/06 8:2 a.m.6 views

EUVD-2026-5690

A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d. Impacted is the function Paid of the file publiccms-parent/publiccms-trade/src/main/java/com/publiccms/logic/service/trade/TradePaymentService.java of the component Trade Payment Handler. The manipulatio...

4.2CVSS4.2AI score0.00325EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2026/02/06 8:2 a.m.5 views

CVE-2026-2010

A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d. Impacted is the function Paid of the file publiccms-parent/publiccms-trade/src/main/java/com/publiccms/logic/service/trade/TradePaymentService.java of the component Trade Payment Handler. The manipulatio...

4.2CVSS4.4AI score0.00325EPSS
Exploits1References7Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/06 8:2 a.m.5 views

CVE-2026-2010 Sanluan PublicCMS Trade Payment TradePaymentService.java paid improper authorization

A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d. Impacted is the function Paid of the file publiccms-parent/publiccms-trade/src/main/java/com/publiccms/logic/service/trade/TradePaymentService.java of the component Trade Payment Handler. The manipulatio...

4.2CVSS4.4AI score0.00325EPSS
Exploits1References7
Cvelist
Cvelist
added 2026/02/06 8:2 a.m.33 views

CVE-2026-2010 Sanluan PublicCMS Trade Payment TradePaymentService.java paid improper authorization

A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d. Impacted is the function Paid of the file publiccms-parent/publiccms-trade/src/main/java/com/publiccms/logic/service/trade/TradePaymentService.java of the component Trade Payment Handler. The manipulatio...

4.2CVSS0.00325EPSS
Exploits1References7
CVE
CVE
added 2026/02/06 8:2 a.m.27 views

CVE-2026-2010

CVE-2026-2010 affects Sanluan PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d. The vulnerability resides in the Paid function of TradePaymentService.java (path: publiccms-parent/publiccms-trade/src/main/java/com/publiccms/logic/service/trade/TradePaymentService.java) and is due to manipulation...

4.2CVSS4.3AI score0.00325EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2026/02/06 8:2 a.m.5 views

CVE-2026-2010 Sanluan PublicCMS Trade Payment TradePaymentService.java paid improper authorization

A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d. Impacted is the function Paid of the file publiccms-parent/publiccms-trade/src/main/java/com/publiccms/logic/service/trade/TradePaymentService.java of the component Trade Payment Handler. The manipulatio...

2.3CVSS4.7AI score0.00325EPSS
Exploits1References9
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.8 views

PublicCMS 授权问题漏洞

PublicCMS is an open-source content management system CMS developed by PublicCMS Company in China using the Java language. There is an authorization issue in PublicCMS; this issue stems from a mistake in the parameter paymentId of the function Paid within the component Trade Payment Handler,...

4.2CVSS5.7AI score0.00325EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.8 views

PT-2026-6688

Name of the Vulnerable Software and Affected Versions Sanluan PublicCMS versions 4.0.202506.d through 6.202506.d Description A security issue exists in Sanluan PublicCMS related to improper authorization. The Paid function within the TradePaymentService.java file, located at...

4.2CVSS5AI score0.00325EPSS
Exploits1References11
RedhatCVE
RedhatCVE
added 2026/01/19 6:27 a.m.7 views

CVE-2026-1111

A vulnerability has been found in Sanluan PublicCMS up to 5.202506.d. This impacts the function Save of the file com/publiccms/controller/admin/sys/TaskTemplateAdminController.java of the component Task Template Management Handler. Such manipulation of the argument path leads to path traversal. T...

7.2CVSS6.6AI score0.00635EPSS
Exploits2References1
NVD
NVD
added 2026/01/18 7:16 a.m.8 views

CVE-2026-1112

A vulnerability was found in Sanluan PublicCMS up to 5.202506.d. Affected is the function delete of the file publiccms-trade/src/main/java/com/publiccms/controller/web/trade/TradeAddressController.java of the component Trade Address Deletion Endpoint. Performing a manipulation of the argument ids...

8.1CVSS0.00394EPSS
Exploits1References4
NVD
NVD
added 2026/01/18 6:16 a.m.12 views

CVE-2026-1111

A vulnerability has been found in Sanluan PublicCMS up to 5.202506.d. This impacts the function Save of the file com/publiccms/controller/admin/sys/TaskTemplateAdminController.java of the component Task Template Management Handler. Such manipulation of the argument path leads to path traversal. T...

7.2CVSS0.00635EPSS
Exploits2References4
Cvelist
Cvelist
added 2026/01/18 6:2 a.m.31 views

CVE-2026-1112 Sanluan PublicCMS Trade Address Deletion Endpoint TradeAddressController.java delete improper authorization

A vulnerability was found in Sanluan PublicCMS up to 5.202506.d. Affected is the function delete of the file publiccms-trade/src/main/java/com/publiccms/controller/web/trade/TradeAddressController.java of the component Trade Address Deletion Endpoint. Performing a manipulation of the argument ids...

5.5CVSS0.00394EPSS
Exploits1References4
Rows per page
Query Builder