2 matches found
CVE-2024-57409
CVE-2024-57409 affects the Cool-Admin-Java project (v1.0) with a vulnerability in the Parameter List module. The issue is a stored XSS that allows an attacker to execute arbitrary web scripts or HTML by injecting a crafted payload into the internet pictures field. Reported details indicate impa...
CVE-2024-57408
CVE-2024-57408 affects cool-admin-java v1.0, with an arbitrary file upload vulnerability in the /comm/upload component that allows remote code execution through a crafted file. The Red Hat/PTSecurity and CN/CS reports confirm the issue and recommend disabling the /comm/upload endpoint and restric...