Springboot-Manager Security Vulnerabilities

CVE-2024-24059

springboot-manager v1.6 is vulnerable to Arbitrary File Upload. The system does not filter the suffixes of uploaded files.

CVE-2024-24060

springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/user.

CVE-2024-24061

springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sysContent/add.

CVE-2024-24062

springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/role.