CVE-2024-1200 – Jspxcms information disclosure
https://notcve.org/view.php?id=CVE-2024-1200
A vulnerability was found in Jspxcms 10.2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /template/1/default/. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/sweatxi/BugHub/blob/main/Nanchang%20Lanzhi%20Technology%20Co.pdf https://vuldb.com/?ctiid.252698 https://vuldb.com/?id.252698 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-0721 – Jspxcms Survey Label cross site scripting
https://notcve.org/view.php?id=CVE-2024-0721
A vulnerability has been found in Jspxcms 10.2.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Survey Label Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/sweatxi/BugHub/blob/main/jspXCMS-%20Survey%20label.pdf https://vuldb.com/?ctiid.251545 https://vuldb.com/?id.251545 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-46911
https://notcve.org/view.php?id=CVE-2023-46911
There is a Cross Site Scripting (XSS) vulnerability in the choose_style_tree.do interface of Jspxcms v10.2.0 backend. Existe una vulnerabilidad de Cross Site Scripting (XSS) en la interfaz choose_style_tree.do del backend de Jspxcms v10.2.0. • https://gitee.com/jspxcms/Jspxcms/issues/I8AK2H • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-16553
https://notcve.org/view.php?id=CVE-2018-16553
In Jspxcms 9.0.0, a vulnerable URL routing implementation allows remote code execution after logging in as web admin. En Jspxcms 9.0.0, una implementación de enrutamiento de URL vulnerable permite la ejecución remota de código después de iniciar sesión como administrador web. • http://www.jspxcms.com/jspbb/question/770 https://gitee.com/jspxcms/Jspxcms/releases • CWE-284: Improper Access Control •
CVE-2018-20596
https://notcve.org/view.php?id=CVE-2018-20596
Jspxcms v9.0.0 allows SSRF. Jspxcms v9.0.0 permite Server-Side Request Forgery (SSRF). • https://gitee.com/jspxcms/Jspxcms/issues/IQAHK • CWE-918: Server-Side Request Forgery (SSRF) •