Lucene search
K

26 matches found

RedhatCVE
RedhatCVE
added 2026/01/19 2:19 a.m.15 views

CVE-2026-1061

A vulnerability was detected in xiweicheng TMS up to 2.28.0. Affected by this issue is the function Upload of the file src/main/java/com/lhjz/portal/controller/FileController.java. The manipulation of the argument filename results in unrestricted upload. The attack may be performed from remote. T...

9.8CVSS6.6AI score0.00357EPSS
Exploits1References1
OSV
OSV
added 2026/01/17 8:15 p.m.5 views

CVE-2026-1062

A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the file src/main/java/com/lhjz/portal/util/HtmlUtil.java. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been...

9.8CVSS5.5AI score0.00365EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/01/17 7:32 p.m.5 views

CVE-2026-1062

A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the file src/main/java/com/lhjz/portal/util/HtmlUtil.java. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been...

6.5CVSS5.2AI score0.00365EPSS
Exploits1References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/17 7:32 p.m.4 views

CVE-2026-1062 xiweicheng TMS HtmlUtil.java summary server-side request forgery

A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the file src/main/java/com/lhjz/portal/util/HtmlUtil.java. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been...

6.5CVSS5.2AI score0.00365EPSS
Exploits1References6
EUVD
EUVD
added 2026/01/17 7:32 p.m.5 views

EUVD-2026-3131

A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the file src/main/java/com/lhjz/portal/util/HtmlUtil.java. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been...

6.5CVSS6.3AI score0.00365EPSS
Exploits1References7
Cvelist
Cvelist
added 2026/01/17 7:32 p.m.35 views

CVE-2026-1062 xiweicheng TMS HtmlUtil.java summary server-side request forgery

A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the file src/main/java/com/lhjz/portal/util/HtmlUtil.java. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been...

6.5CVSS0.00365EPSS
Exploits1References6
CVE
CVE
added 2026/01/17 7:32 p.m.16 views

CVE-2026-1062

CVE-2026-1062 affects xiweicheng TMS up to version 2.28.0. The flaw is in the function Summary (src/main/java/com/lhjz/portal/util/HtmlUtil.java) where manipulation of the URL argument enables server-side request forgery. Attacks can be initiated remotely, and an exploit has been published. Multi...

9.8CVSS6.5AI score0.00365EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2026/01/17 7:15 p.m.4 views

CVE-2026-1061

A vulnerability was detected in xiweicheng TMS up to 2.28.0. Affected by this issue is the function Upload of the file src/main/java/com/lhjz/portal/controller/FileController.java. The manipulation of the argument filename results in unrestricted upload. The attack may be performed from remote. T...

9.8CVSS5.5AI score0.00357EPSS
Exploits1References4
NVD
NVD
added 2026/01/17 7:15 p.m.7 views

CVE-2026-1061

A vulnerability was detected in xiweicheng TMS up to 2.28.0. Affected by this issue is the function Upload of the file src/main/java/com/lhjz/portal/controller/FileController.java. The manipulation of the argument filename results in unrestricted upload. The attack may be performed from remote. T...

9.8CVSS0.00357EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/01/17 7:2 p.m.3 views

CVE-2026-1061 xiweicheng TMS FileController.java upload unrestricted upload

A vulnerability was detected in xiweicheng TMS up to 2.28.0. Affected by this issue is the function Upload of the file src/main/java/com/lhjz/portal/controller/FileController.java. The manipulation of the argument filename results in unrestricted upload. The attack may be performed from remote. T...

6.5CVSS5.3AI score0.00357EPSS
Exploits1References4
EUVD
EUVD
added 2026/01/17 7:2 p.m.7 views

EUVD-2026-3130

A vulnerability was detected in xiweicheng TMS up to 2.28.0. Affected by this issue is the function Upload of the file src/main/java/com/lhjz/portal/controller/FileController.java. The manipulation of the argument filename results in unrestricted upload. The attack may be performed from remote. T...

6.5CVSS6.3AI score0.00357EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/01/17 7:2 p.m.7 views

CVE-2026-1061

A vulnerability was detected in xiweicheng TMS up to 2.28.0. Affected by this issue is the function Upload of the file src/main/java/com/lhjz/portal/controller/FileController.java. The manipulation of the argument filename results in unrestricted upload. The attack may be performed from remote. T...

6.5CVSS5.1AI score0.00357EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/01/17 7:2 p.m.26 views

CVE-2026-1061 xiweicheng TMS FileController.java upload unrestricted upload

A vulnerability was detected in xiweicheng TMS up to 2.28.0. Affected by this issue is the function Upload of the file src/main/java/com/lhjz/portal/controller/FileController.java. The manipulation of the argument filename results in unrestricted upload. The attack may be performed from remote. T...

6.5CVSS0.00357EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/01/17 12:0 a.m.15 views

PT-2026-3368

Name of the Vulnerable Software and Affected Versions xiweicheng TMS versions prior to 2.28.0 Description An issue exists in xiweicheng TMS that allows for unrestricted file uploads. This is due to the manipulation of the filename argument within the Upload function located in the file...

9.8CVSS6.5AI score0.00357EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2026/01/09 12:37 p.m.6 views

CVE-2023-50630

Cross Site Scripting XSS vulnerability in xiweicheng TMS v.2.28.0 allows a remote attacker to execute arbitrary code via a crafted script to the click here function...

6.1CVSS6.3AI score0.00506EPSS
Exploits1References1
NVD
NVD
added 2025/12/17 2:16 a.m.7 views

CVE-2025-14801

A security vulnerability has been detected in xiweicheng TMS up to 2.28.0. This affects the function createComment of the file /admin/blog/comment/create. Such manipulation of the argument content leads to cross site scripting. The attack may be performed from remote. The exploit has been disclos...

4.8CVSS0.00235EPSS
Exploits1References4
OSV
OSV
added 2025/12/17 2:16 a.m.4 views

CVE-2025-14801

A security vulnerability has been detected in xiweicheng TMS up to 2.28.0. This affects the function createComment of the file /admin/blog/comment/create. Such manipulation of the argument content leads to cross site scripting. The attack may be performed from remote. The exploit has been disclos...

4.8CVSS4.2AI score0.00235EPSS
Exploits1References4
CVE
CVE
added 2025/12/17 2:2 a.m.22 views

CVE-2025-14801

CVE-2025-14801 affects xiweicheng TMS up to 2.28.0, specifically the createComment function in /admin/blog/comment/create. The vulnerability arises from manipulation of the argument content, enabling cross-site scripting. Exploitation can be remote, and public PoC details exist. Multiple sources ...

4.8CVSS5.1AI score0.00235EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.4 views

PT-2025-51799

Name of the Vulnerable Software and Affected Versions xiweicheng TMS versions prior to 2.28.1 Description A security issue exists in xiweicheng TMS. The createComment function within the /admin/blog/comment/create file is susceptible to cross site scripting. Manipulation of the content argument c...

4.8CVSS4.4AI score0.00235EPSS
Exploits1References9
NVD
NVD
added 2024/01/04 8:15 a.m.8 views

CVE-2023-50630

Cross Site Scripting XSS vulnerability in xiweicheng TMS v.2.28.0 allows a remote attacker to execute arbitrary code via a crafted script to the click here function...

6.1CVSS6AI score0.00506EPSS
Exploits1References1
Rows per page
Query Builder