CVE-2023-46911
https://notcve.org/view.php?id=CVE-2023-46911
There is a Cross Site Scripting (XSS) vulnerability in the choose_style_tree.do interface of Jspxcms v10.2.0 backend. • https://gitee.com/jspxcms/Jspxcms/issues/I8AK2H • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-28090
https://notcve.org/view.php?id=CVE-2022-28090
Jspxcms v10.2.0 allows attackers to execute a Server-Side Request Forgery (SSRF) via /cmscp/ext/collect/fetch_url.do?url=. • https://gitee.com/jspxcms/Jspxcms/issues/I4ZKDR • CWE-918: Server-Side Request Forgery (SSRF)
CVE-2022-23329
https://notcve.org/view.php?id=CVE-2022-23329
A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJCMS Jspxcms v10.2.0 allows attackers to execute arbitrary commands via uploading malicious files. • https://gitee.com/jspxcms/Jspxcms/issues/I4QAZN • CWE-434: Unrestricted Upload of File with Dangerous Type