124 matches found
CVE-2023-34865
Directory traversal vulnerability in ujcms 6.0.2 allows attackers to move files via the rename feature...
PT-2023-25044 · Ujcms · Ujcms
Name of the Vulnerable Software and Affected Versions: Ujcms version 6.0.2 Description: An issue in Ujcms allows attackers to gain sensitive information via the dir parameter to the "/api/backend/core/web-file-html/download-zip" API endpoint. Recommendations: For Ujcms version 6.0.2, as a tempora...
PT-2023-25038 · Ujcms · Ujcms
Name of the Vulnerable Software and Affected Versions: ujcms version 6.0.2 Description: The issue allows attackers to perform directory traversal, enabling them to move files using the rename feature. Recommendations: For ujcms version 6.0.2, consider restricting the rename feature to prevent fil...
CVE-2023-34865
Directory traversal vulnerability in ujcms 6.0.2 allows attackers to move files via the rename feature...
UJCMS 路径遍历漏洞
UJCMS is UJCMS open source a Java open source content management system . A security vulnerability exists in UJCMS version 6.0.2. An attacker exploited the vulnerability to move files via the rename function...
CVE-2023-34878
CVE-2023-34878 affects Ujcms v6.0.2, where the dir parameter in the endpoint "/api/backend/core/web-file-html/download-zip" can cause leakage of sensitive information. The CVSS v3.1 base score is 7.5 (HIGH) with NETWORK access, LOW attack complexity, NONE privileges, NONE user interaction, and CO...
CVE-2023-34747
File upload vulnerability in ujcms 6.0.2 via /api/backend/core/web-file-upload/upload...
CVE-2023-34747
File upload vulnerability in ujcms 6.0.2 via /api/backend/core/web-file-upload/upload...
UJCMS 信息泄露漏洞
UJCMS is a Java open source content management system from UJCMS Open Source. UJCMS version 6.0.2 before the information leakage vulnerability , the vulnerability stems from the wrong operation of the parameter dir will lead to information leakage...
PT-2023-23719 · Ujcms · Ujcms
Name of the Vulnerable Software and Affected Versions: UJCMS versions up to 6.0.2 Description: A vulnerability has been found in the ZIP Package Handler component of UJCMS, which can lead to information disclosure through the manipulation of the dir argument. The attack can be initiated remotely,...
CVE-2023-34747
File upload vulnerability in ujcms 6.0.2 via /api/backend/core/web-file-upload/upload...
CVE-2023-34747
CVE-2023-34747 corresponds to a file upload vulnerability in ujcms 6.0.2, exploitable via the API endpoint /api/backend/core/web-file-upload/upload. The issue is described as an unrestricted file upload that can impact confidentiality, integrity, and availability (CVSS v3.1: 9.8 CRITICAL, Network...
PT-2023-24994 · Ujcms · Ujcms
Name of the Vulnerable Software and Affected Versions: ujcms version 6.0.2 Description: The issue concerns a file upload vulnerability. It is exploited via the "/api/backend/core/web-file-upload/upload" API endpoint. Recommendations: For ujcms version 6.0.2, consider restricting access to the...
CVE-2023-24369
A cross-site scripting XSS vulnerability in UJCMS v4.1.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter under the Add New Articles function...
CVE-2023-24369
A cross-site scripting XSS vulnerability in UJCMS v4.1.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter under the Add New Articles function...
Cross site scripting
A cross-site scripting XSS vulnerability in UJCMS v4.1.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter under the Add New Articles function...
CVE-2023-24369
A cross-site scripting XSS vulnerability in UJCMS v4.1.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter under the Add New Articles function...
UJCMS 跨站脚本漏洞
UJCMS is UJCMS open source a Java open source content management system . UJCMS v4.1.3 version of a security vulnerability , the vulnerability stems from the existence of cross-site scripting XSS vulnerability , an attacker can be exploited to exploit the vulnerability will be carefully crafted...
CVE-2023-24369
A cross-site scripting XSS vulnerability in UJCMS v4.1.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter under the Add New Articles function...
CVE-2023-24369
CVE-2023-24369 affects UJCMS v4.1.3. The vulnerability is a cross-site scripting (XSS) flaw that lets an attacker inject arbitrary web scripts or HTML by placing a crafted payload in the URL parameter under the Add New Articles function. Impact per available data indicates potential: confidential...