5 matches found
EUVD-2024-52771
Malicious code in bioql PyPI...
UJCMS 9.6.3 - User Enumeration via IDOR
Exploit Title: UJCMS 9.6.3 User Enumeration via IDOR Exploit Author: Cyd Tseng Date: 11 Dec 2024 Category: Web application Vendor Homepage: https://dromara.org/ Software Link: https://github.com/dromara/ujcms Version: UJCMS 9.6.3 Tested on: Linux CVE: CVE-2024-12483 Advisory:...
📄 UJCMS 9.6.3 Insecure Direct Object Reference
UJCMS version 9.6.3 suffers from an insecure direct object reference vulnerability that enables user enumeration. Exploit Title: UJCMS 9.6.3 User Enumeration via IDOR Exploit Author: Cyd Tseng Date: 11 Dec 2024 Category: Web application Vendor Homepage: https://dromara.org/ Software Link:...
CVE-2024-55451
A Stored Cross-Site Scripting XSS vulnerability exists in authenticated SVG file upload and viewing functionality in UJCMS 9.6.3. The vulnerability arises from insufficient sanitization of embedded attributes in uploaded SVG files. When a maliciously crafted SVG file is viewed by other backend...
CVE-2024-55451
CVE-2024-55451 affects UJCMS 9.6.3. A Stored XSS exists in the authenticated SVG file upload/viewing functionality due to insufficient sanitization of embedded attributes in SVGs. When viewed by other backend users, it can execute arbitrary JavaScript in their browser context, potentially stealin...