Lucene search
K

124 matches found

Cvelist
Cvelist
added 2023/06/14 12:0 a.m.24 views

CVE-2023-34865

Directory traversal vulnerability in ujcms 6.0.2 allows attackers to move files via the rename feature...

9.6AI score0.0121EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/06/14 12:0 a.m.4 views

PT-2023-25044 · Ujcms · Ujcms

Name of the Vulnerable Software and Affected Versions: Ujcms version 6.0.2 Description: An issue in Ujcms allows attackers to gain sensitive information via the dir parameter to the "/api/backend/core/web-file-html/download-zip" API endpoint. Recommendations: For Ujcms version 6.0.2, as a tempora...

7.5CVSS6.8AI score0.00703EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/06/14 12:0 a.m.5 views

PT-2023-25038 · Ujcms · Ujcms

Name of the Vulnerable Software and Affected Versions: ujcms version 6.0.2 Description: The issue allows attackers to perform directory traversal, enabling them to move files using the rename feature. Recommendations: For ujcms version 6.0.2, consider restricting the rename feature to prevent fil...

9.8CVSS7.3AI score0.0121EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2023/06/14 12:0 a.m.12 views

CVE-2023-34865

Directory traversal vulnerability in ujcms 6.0.2 allows attackers to move files via the rename feature...

6.8AI score0.0121EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/06/14 12:0 a.m.5 views

UJCMS 路径遍历漏洞

UJCMS is UJCMS open source a Java open source content management system . A security vulnerability exists in UJCMS version 6.0.2. An attacker exploited the vulnerability to move files via the rename function...

9.8CVSS8.4AI score0.0121EPSS
Exploits1References1
CVE
CVE
added 2023/06/14 12:0 a.m.49 views

CVE-2023-34878

CVE-2023-34878 affects Ujcms v6.0.2, where the dir parameter in the endpoint "/api/backend/core/web-file-html/download-zip" can cause leakage of sensitive information. The CVSS v3.1 base score is 7.5 (HIGH) with NETWORK access, LOW attack complexity, NONE privileges, NONE user interaction, and CO...

7.5CVSS7.5AI score0.00703EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2023/06/14 12:0 a.m.15 views

CVE-2023-34747

File upload vulnerability in ujcms 6.0.2 via /api/backend/core/web-file-upload/upload...

9.8CVSS6.9AI score0.20046EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/06/14 12:0 a.m.22 views

CVE-2023-34747

File upload vulnerability in ujcms 6.0.2 via /api/backend/core/web-file-upload/upload...

9.8AI score0.20046EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/06/14 12:0 a.m.6 views

UJCMS 信息泄露漏洞

UJCMS is a Java open source content management system from UJCMS Open Source. UJCMS version 6.0.2 before the information leakage vulnerability , the vulnerability stems from the wrong operation of the parameter dir will lead to information leakage...

6.5CVSS5.2AI score0.0082EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/06/14 12:0 a.m.4 views

PT-2023-23719 · Ujcms · Ujcms

Name of the Vulnerable Software and Affected Versions: UJCMS versions up to 6.0.2 Description: A vulnerability has been found in the ZIP Package Handler component of UJCMS, which can lead to information disclosure through the manipulation of the dir argument. The attack can be initiated remotely,...

6.5CVSS6.7AI score0.0082EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2023/06/14 12:0 a.m.10 views

CVE-2023-34747

File upload vulnerability in ujcms 6.0.2 via /api/backend/core/web-file-upload/upload...

9.5AI score0.20046EPSS
Exploits1References1
CVE
CVE
added 2023/06/14 12:0 a.m.159 views

CVE-2023-34747

CVE-2023-34747 corresponds to a file upload vulnerability in ujcms 6.0.2, exploitable via the API endpoint /api/backend/core/web-file-upload/upload. The issue is described as an unrestricted file upload that can impact confidentiality, integrity, and availability (CVSS v3.1: 9.8 CRITICAL, Network...

9.8CVSS9.4AI score0.20046EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/06/14 12:0 a.m.5 views

PT-2023-24994 · Ujcms · Ujcms

Name of the Vulnerable Software and Affected Versions: ujcms version 6.0.2 Description: The issue concerns a file upload vulnerability. It is exploited via the "/api/backend/core/web-file-upload/upload" API endpoint. Recommendations: For ujcms version 6.0.2, consider restricting access to the...

9.8CVSS6.7AI score0.20046EPSS
Exploits1References5
NVD
NVD
added 2023/02/17 5:15 p.m.23 views

CVE-2023-24369

A cross-site scripting XSS vulnerability in UJCMS v4.1.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter under the Add New Articles function...

6.1CVSS5.9AI score0.00429EPSS
Exploits1References1
OSV
OSV
added 2023/02/17 5:15 p.m.16 views

CVE-2023-24369

A cross-site scripting XSS vulnerability in UJCMS v4.1.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter under the Add New Articles function...

6.1CVSS5.8AI score
Exploits0References1
Prion
Prion
added 2023/02/17 5:15 p.m.18 views

Cross site scripting

A cross-site scripting XSS vulnerability in UJCMS v4.1.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter under the Add New Articles function...

5.8CVSS5.9AI score0.00429EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/17 12:0 a.m.5 views

CVE-2023-24369

A cross-site scripting XSS vulnerability in UJCMS v4.1.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter under the Add New Articles function...

5.8AI score0.00429EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/02/17 12:0 a.m.4 views

UJCMS 跨站脚本漏洞

UJCMS is UJCMS open source a Java open source content management system . UJCMS v4.1.3 version of a security vulnerability , the vulnerability stems from the existence of cross-site scripting XSS vulnerability , an attacker can be exploited to exploit the vulnerability will be carefully crafted...

6.1CVSS6.2AI score0.00429EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/02/17 12:0 a.m.25 views

CVE-2023-24369

A cross-site scripting XSS vulnerability in UJCMS v4.1.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter under the Add New Articles function...

6AI score0.00429EPSS
Exploits1References1
CVE
CVE
added 2023/02/17 12:0 a.m.47 views

CVE-2023-24369

CVE-2023-24369 affects UJCMS v4.1.3. The vulnerability is a cross-site scripting (XSS) flaw that lets an attacker inject arbitrary web scripts or HTML by placing a crafted payload in the URL parameter under the Add New Articles function. Impact per available data indicates potential: confidential...

6.1CVSS5.9AI score0.00429EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder