3 matches found
CVE-2025-3317
Fumiao Opencms (up to commit a0fafa5cff58719e9b27c2a2eec204cc165ce14f) contains a path traversal vulnerability in opencms-dev/src/main/webapp/view/admin/document/dataPage.jsp. The path parameter manipulation allows remote exploitation. No affected version details or fixes are provided in the docu...
CVE-2025-0708
CVE-2025-0708 affects fumiao opencms 2.2. The vulnerability is in the /admin/model/addOrUpdate endpoint, where manipulating the parameter 模板前缀 can trigger cross-site scripting. Exploitation is possible remotely and publicly disclosed. Connected sources confirm the affected component and the root ...
CVE-2025-28099
Opencms 2.3 is affected by CVE-2025-28099, a vulnerability in src/main/webapp/view/admin/document/dataPage.jsp that allows Arbitrary file read. The issue stems from the dataPage.jsp handling untrusted input, enabling retrieval of files outside the intended scope. Public references in multiple fee...