26 matches found
CVE-2026-1061
A vulnerability was detected in xiweicheng TMS up to 2.28.0. Affected by this issue is the function Upload of the file src/main/java/com/lhjz/portal/controller/FileController.java. The manipulation of the argument filename results in unrestricted upload. The attack may be performed from remote. T...
CVE-2026-1062
A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the file src/main/java/com/lhjz/portal/util/HtmlUtil.java. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been...
CVE-2026-1062
A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the file src/main/java/com/lhjz/portal/util/HtmlUtil.java. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been...
CVE-2026-1062 xiweicheng TMS HtmlUtil.java summary server-side request forgery
A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the file src/main/java/com/lhjz/portal/util/HtmlUtil.java. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been...
EUVD-2026-3131
A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the file src/main/java/com/lhjz/portal/util/HtmlUtil.java. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been...
CVE-2026-1062 xiweicheng TMS HtmlUtil.java summary server-side request forgery
A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the file src/main/java/com/lhjz/portal/util/HtmlUtil.java. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been...
CVE-2026-1062
CVE-2026-1062 affects xiweicheng TMS up to version 2.28.0. The flaw is in the function Summary (src/main/java/com/lhjz/portal/util/HtmlUtil.java) where manipulation of the URL argument enables server-side request forgery. Attacks can be initiated remotely, and an exploit has been published. Multi...
CVE-2026-1061
A vulnerability was detected in xiweicheng TMS up to 2.28.0. Affected by this issue is the function Upload of the file src/main/java/com/lhjz/portal/controller/FileController.java. The manipulation of the argument filename results in unrestricted upload. The attack may be performed from remote. T...
CVE-2026-1061
A vulnerability was detected in xiweicheng TMS up to 2.28.0. Affected by this issue is the function Upload of the file src/main/java/com/lhjz/portal/controller/FileController.java. The manipulation of the argument filename results in unrestricted upload. The attack may be performed from remote. T...
CVE-2026-1061 xiweicheng TMS FileController.java upload unrestricted upload
A vulnerability was detected in xiweicheng TMS up to 2.28.0. Affected by this issue is the function Upload of the file src/main/java/com/lhjz/portal/controller/FileController.java. The manipulation of the argument filename results in unrestricted upload. The attack may be performed from remote. T...
EUVD-2026-3130
A vulnerability was detected in xiweicheng TMS up to 2.28.0. Affected by this issue is the function Upload of the file src/main/java/com/lhjz/portal/controller/FileController.java. The manipulation of the argument filename results in unrestricted upload. The attack may be performed from remote. T...
CVE-2026-1061
A vulnerability was detected in xiweicheng TMS up to 2.28.0. Affected by this issue is the function Upload of the file src/main/java/com/lhjz/portal/controller/FileController.java. The manipulation of the argument filename results in unrestricted upload. The attack may be performed from remote. T...
CVE-2026-1061 xiweicheng TMS FileController.java upload unrestricted upload
A vulnerability was detected in xiweicheng TMS up to 2.28.0. Affected by this issue is the function Upload of the file src/main/java/com/lhjz/portal/controller/FileController.java. The manipulation of the argument filename results in unrestricted upload. The attack may be performed from remote. T...
PT-2026-3368
Name of the Vulnerable Software and Affected Versions xiweicheng TMS versions prior to 2.28.0 Description An issue exists in xiweicheng TMS that allows for unrestricted file uploads. This is due to the manipulation of the filename argument within the Upload function located in the file...
CVE-2023-50630
Cross Site Scripting XSS vulnerability in xiweicheng TMS v.2.28.0 allows a remote attacker to execute arbitrary code via a crafted script to the click here function...
CVE-2025-14801
A security vulnerability has been detected in xiweicheng TMS up to 2.28.0. This affects the function createComment of the file /admin/blog/comment/create. Such manipulation of the argument content leads to cross site scripting. The attack may be performed from remote. The exploit has been disclos...
CVE-2025-14801
A security vulnerability has been detected in xiweicheng TMS up to 2.28.0. This affects the function createComment of the file /admin/blog/comment/create. Such manipulation of the argument content leads to cross site scripting. The attack may be performed from remote. The exploit has been disclos...
CVE-2025-14801
CVE-2025-14801 affects xiweicheng TMS up to 2.28.0, specifically the createComment function in /admin/blog/comment/create. The vulnerability arises from manipulation of the argument content, enabling cross-site scripting. Exploitation can be remote, and public PoC details exist. Multiple sources ...
PT-2025-51799
Name of the Vulnerable Software and Affected Versions xiweicheng TMS versions prior to 2.28.1 Description A security issue exists in xiweicheng TMS. The createComment function within the /admin/blog/comment/create file is susceptible to cross site scripting. Manipulation of the content argument c...
CVE-2023-50630
Cross Site Scripting XSS vulnerability in xiweicheng TMS v.2.28.0 allows a remote attacker to execute arbitrary code via a crafted script to the click here function...