6 matches found
CVE-2022-23329
The CVE-2022-23329 entry affects UJCMS Jspxcms v10.2.0, where a vulnerability in freemarker.template.utility.Execute?new() enables arbitrary command execution via uploading malicious files. Affected component: Jspxcms file upload handling leading to code execution. Root cause is the Freemarker Ex...
CVE-2022-28090
CVE-2022-28090 affects Jspxcms v10.2.0 and enables a Server-Side Request Forgery (SSRF) via the parameter in the endpoint /cmscp/ext/collect/fetch_url.do?url= . The root cause and impact are described in the sources as SSRF, but the provided connected documents do not specify any exploit details,...
CVE-2025-25772
CVE-2025-25772 affects Jspxcms versions 9.0–9.5. A CSRF vulnerability in the /back/UserController.java component could allow an attacker to arbitrarily add Administrator accounts via a crafted request. The CVSS base score is 5.1 (Medium) with local attack vector, low attack complexity, and no use...
CVE-2024-1256
CVE-2024-1256 affects Jspxcms 10.2.0, specifically the processing of the file segment related to “/ext/collect/filter_text.do” which is susceptible to cross-site scripting due to the underlying handling of input. The issue is remotely exploitable, and official records note that the exploit has be...
CVE-2024-0599
CVE-2024-0599 affects Jspxcms 10.2.0 in the Document Management Page, specifically the InfoController.java component. The vulnerability is a cross-site scripting (XSS) flaw caused by unsafely handling the title argument, enabling remote exploitation. Public exploit availability is indicated in th...
CVE-2024-1257
CVE-2024-1257 affects Jspxcms 10.2.0. The vulnerability is in the function/file /ext/collect/find_text.do and enables cross-site scripting. Exploitation is possible remotely, and public exploit information exists. The linked sources confirm XSS impact but do not provide concrete exploit details b...