Ofcms@1.1.4 Security Vulnerabilities and Issues — Ofcms@1.1.4 CVE List

Lucene search

Ofcms ProjectOfcms1.1.4

5 matches found

CVE•added 2022/04/10 9:15 p.m.•61 views

CVE-2022-27960

Insecure permissions configured in the user_id parameter at SysUserController.java of OFCMS v1.1.4 allows attackers to access and arbitrarily modify users' personal information.

5.5CVSS5.5AI score0.00103EPSS

CVE•added 2022/04/10 9:15 p.m.•61 views

CVE-2022-27961

A cross-site scripting (XSS) vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box.

5.4CVSS5.3AI score0.00181EPSS

CVE•added 2022/06/02 2:15 p.m.•40 views

CVE-2022-29653

OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json.

6.1CVSS6AI score0.00212EPSS

CVE•added 2023/03/16 2:15 a.m.•38 views

CVE-2023-24760

An issue found in Ofcms v.1.1.4 allows a remote attacker to to escalate privileges via the respwd method in SysUserController.

8.8CVSS8.6AI score0.00466EPSS

CVE•added 2024/01/16 11:15 p.m.•26 views

CVE-2023-51807

Cross Site Scripting vulnerability in OFCMS v.1.14 allows a remote attacker to obtain sensitive information via a crafted payload to the title addition component.

5.4CVSS5.1AI score0.00183EPSS