2 matches found
CVE-2021-30173
CVE-2021-30173 involves a Local File Inclusion vulnerability in the omni-directional communication system (Jun-He/Junghee/Junghee-type Total Communication System). The issue arises when an authenticated attacker injects an absolute path into the Url parameter, enabling access to arbitrary files o...
CVE-2021-30172
CVE-2021-30172 affects the Jun-He/Quan-Fang-Wei-Tong-Xun system: special characters on the image preview page input are not filtered, enabling a remote authenticated attacker to inject JavaScript via reflected XSS and access/manipulate customer information. Connected sources confirm the XSS vecto...