3 matches found
CVE-2026-1062
A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the file src/main/java/com/lhjz/portal/util/HtmlUtil.java. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been...
CVE-2026-1061
CVE-2026-1061 affects xiweicheng TMS prior to 2.28.0. The vulnerability is in the Upload function of FileController.java (src/main/java/com/lhjz/portal/controller/FileController.java), where manipulation of the filename argument enables unrestricted file upload. Remote exploitation is possible, a...
CVE-2025-14801
A security vulnerability has been detected in xiweicheng TMS up to 2.28.0. This affects the function createComment of the file /admin/blog/comment/create. Such manipulation of the argument content leads to cross site scripting. The attack may be performed from remote. The exploit has been disclos...