Cross site scripting

OFCMS v1.1.4 was discovered to contain a cross-site scripting XSS vulnerability via the component /admin/comn/service/update.json...

CVE-2022-29653

OFCMS v1.1.4 contains a cross-site scripting (XSS) vulnerability in the /admin/comn/service/update.json component. The root cause is lack of data validation/filtering on user-supplied data and output data, allowing injected JavaScript code to be executed in the context of the affected application...