Lucene search
K
UjcmsJspxcms

6 matches found

CVE
CVE
added 2022/02/04 9:3 p.m.150 views

CVE-2022-23329

The CVE-2022-23329 entry affects UJCMS Jspxcms v10.2.0, where a vulnerability in freemarker.template.utility.Execute?new() enables arbitrary command execution via uploading malicious files. Affected component: Jspxcms file upload handling leading to code execution. Root cause is the Freemarker Ex...

9.8CVSS9.6AI score0.1441EPSS
CVE
CVE
added 2022/05/04 1:6 p.m.76 views

CVE-2022-28090

CVE-2022-28090 affects Jspxcms v10.2.0 and enables a Server-Side Request Forgery (SSRF) via the parameter in the endpoint /cmscp/ext/collect/fetch_url.do?url= . The root cause and impact are described in the sources as SSRF, but the provided connected documents do not specify any exploit details,...

6.5CVSS6.6AI score0.01032EPSS
Web
CVE
CVE
added 2025/02/21 12:0 a.m.70 views

CVE-2025-25772

CVE-2025-25772 affects Jspxcms versions 9.0–9.5. A CSRF vulnerability in the /back/UserController.java component could allow an attacker to arbitrarily add Administrator accounts via a crafted request. The CVSS base score is 5.1 (Medium) with local attack vector, low attack complexity, and no use...

5.1CVSS6.5AI score0.00162EPSS
CVE
CVE
added 2024/02/06 7:31 p.m.51 views

CVE-2024-1256

CVE-2024-1256 affects Jspxcms 10.2.0, specifically the processing of the file segment related to “/ext/collect/filter_text.do” which is susceptible to cross-site scripting due to the underlying handling of input. The issue is remotely exploitable, and official records note that the exploit has be...

4.3CVSS4.5AI score0.00551EPSS
CVE
CVE
added 2024/01/16 8:0 p.m.46 views

CVE-2024-0599

CVE-2024-0599 affects Jspxcms 10.2.0 in the Document Management Page, specifically the InfoController.java component. The vulnerability is a cross-site scripting (XSS) flaw caused by unsafely handling the title argument, enabling remote exploitation. Public exploit availability is indicated in th...

5.4CVSS5.2AI score0.00514EPSS
CVE
CVE
added 2024/02/06 8:0 p.m.36 views

CVE-2024-1257

CVE-2024-1257 affects Jspxcms 10.2.0. The vulnerability is in the function/file /ext/collect/find_text.do and enables cross-site scripting. Exploitation is possible remotely, and public exploit information exists. The linked sources confirm XSS impact but do not provide concrete exploit details b...

6.1CVSS6AI score0.00454EPSS