
CVE-2025-2211 – aitangbao springboot-manager add cross site scripting
https://notcve.org/view.php?id=CVE-2025-2211
11 Mar 2025 — A vulnerability was found in aitangbao springboot-manager 3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /sysDictDetail/add. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/uglory-gll/javasec/blob/main/spring-manage.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-2210 – aitangbao springboot-manager add cross site scripting
https://notcve.org/view.php?id=CVE-2025-2210
11 Mar 2025 — A vulnerability has been found in aitangbao springboot-manager 3.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /sysJob/add. The manipulation of the argument name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/uglory-gll/javasec/blob/main/spring-manage.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-2209 – aitangbao springboot-manager add cross site scripting
https://notcve.org/view.php?id=CVE-2025-2209
11 Mar 2025 — A vulnerability, which was classified as problematic, was found in aitangbao springboot-manager 3.0. Affected is an unknown function of the file /sysDict/add. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/uglory-gll/javasec/blob/main/spring-manage.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-2208 – aitangbao springboot-manager Filename upload cross site scripting
https://notcve.org/view.php?id=CVE-2025-2208
11 Mar 2025 — A vulnerability, which was classified as problematic, has been found in aitangbao springboot-manager 3.0. This issue affects some unknown processing of the file /sysFiles/upload of the component Filename Handler. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/uglory-gll/javasec/blob/main/spring-manage.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-2207 – aitangbao springboot-manager dept cross site scripting
https://notcve.org/view.php?id=CVE-2025-2207
11 Mar 2025 — A vulnerability classified as problematic was found in aitangbao springboot-manager 3.0. This vulnerability affects unknown code of the file /sys/dept. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/uglory-gll/javasec/blob/main/spring-manage.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-2206 – aitangbao springboot-manager permission cross site scripting
https://notcve.org/view.php?id=CVE-2025-2206
11 Mar 2025 — A vulnerability classified as problematic has been found in aitangbao springboot-manager 3.0. This affects an unknown part of the file /sys/permission. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/uglory-gll/javasec/blob/main/spring-manage.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2024-24059
https://notcve.org/view.php?id=CVE-2024-24059
01 Feb 2024 — springboot-manager v1.6 is vulnerable to Arbitrary File Upload. The system does not filter the suffixes of uploaded files. • https://github.com/By-Yexing/Vulnerability_JAVA/blob/main/2024/springboot-manager.md#2-file-upload-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-24061
https://notcve.org/view.php?id=CVE-2024-24061
01 Feb 2024 — springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sysContent/add. • https://github.com/By-Yexing/Vulnerability_JAVA/blob/main/2024/springboot-manager.md#13-stored-cross-site-scripting-syscontentadd • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-24060
https://notcve.org/view.php?id=CVE-2024-24060
01 Feb 2024 — springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/user. • https://github.com/By-Yexing/Vulnerability_JAVA/blob/main/2024/springboot-manager.md#11-stored-cross-site-scripting-sysuser • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-24062
https://notcve.org/view.php?id=CVE-2024-24062
01 Feb 2024 — springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/role. • https://github.com/By-Yexing/Vulnerability_JAVA/blob/main/2024/springboot-manager.md#12-stored-cross-site-scripting-sysrole • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')