
CVE-2023-32757 – e-Excellence U-Office Force - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-32757
25 Aug 2023 — The e-Excellence U-Office Force file upload function does not restrict the upload of files with dangerous types. An unauthenticated remote attacker, without logging in to the service, can exploit this vulnerability to upload arbitrary files in order to execute arbitrary commands or disrupt service. • https://www.twcert.org.tw/tw/cp-132-7330-94442-1.html • CWE-434: Unrestricted Upload of File with Dangerous Type

CVE-2023-32756 – e-Excellence U-Office Force - Path Traversal
https://notcve.org/view.php?id=CVE-2023-32756
25 Aug 2023 — e-Excellence U-Office Force has a path traversal vulnerability within its file uploading and downloading functions. An unauthenticated remote attacker can exploit this vulnerability to read arbitrary system files, but cannot control the system or disrupt service. • https://www.twcert.org.tw/tw/cp-132-7329-d8e4c-1.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2023-32755 – e-Excellence U-Office Force - Error Message Leakage
https://notcve.org/view.php?id=CVE-2023-32755
25 Aug 2023 — e-Excellence U-Office Force generates an error message in its website service. An unauthenticated remote attacker can obtain partial sensitive system information from the error message by sending a crafted command. • https://www.twcert.org.tw/tw/cp-132-7328-d4112-1.html • CWE-209: Generation of Error Message Containing Sensitive Information

CVE-2022-39027 – e-Excellence Inc. U-Office Force - Stored XSS
https://notcve.org/view.php?id=CVE-2022-39027
31 Oct 2022 — The U-Office Force Forum function has insufficient filtering for special characters. A remote attacker with general user privilege can inject JavaScript and perform a stored XSS (Cross-Site Scripting) attack. • https://www.twcert.org.tw/tw/cp-132-6642-bf567-1.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-39026 – e-Excellence Inc. U-Office Force - Stored XSS
https://notcve.org/view.php?id=CVE-2022-39026
31 Oct 2022 — The U-Office Force UserDefault page has insufficient filtering for special characters in the HTTP header fields. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform a stored XSS (Cross-Site Scripting) attack. • https://www.twcert.org.tw/tw/cp-132-6641-55796-1.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-39025 – e-Excellence Inc. U-Office Force - Reflected XSS
https://notcve.org/view.php?id=CVE-2022-39025
31 Oct 2022 — The U-Office Force PrintMessage function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript and perform a reflected XSS (Cross-Site Scripting) attack. • https://www.twcert.org.tw/tw/cp-132-6640-e74a3-1.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-39024 – e-Excellence Inc. U-Office Force - Reflected XSS
https://notcve.org/view.php?id=CVE-2022-39024
31 Oct 2022 — The U-Office Force Bulletin function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript and perform a reflected XSS (Cross-Site Scripting) attack. • https://www.twcert.org.tw/tw/cp-132-6639-fad13-1.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-39023 – e-Excellence Inc. U-Office Force - Path Traversal
https://notcve.org/view.php?id=CVE-2022-39023
31 Oct 2022 — The U-Office Force Download function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to download arbitrary system files. • https://www.twcert.org.tw/tw/cp-132-6638-08596-1.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2022-39022 – e-Excellence Inc. U-Office Force - Path Traversal
https://notcve.org/view.php?id=CVE-2022-39022
31 Oct 2022 — The U-Office Force Download function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to download arbitrary system files. • https://www.twcert.org.tw/tw/cp-132-6637-eed19-1.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2022-39021 – e-Excellence Inc. U-Office Force - Open Redirect
https://notcve.org/view.php?id=CVE-2022-39021
31 Oct 2022 — The U-Office Force login function has an Open Redirect vulnerability. An unauthenticated remote attacker can exploit this vulnerability to redirect a user to an arbitrary website. • https://www.twcert.org.tw/tw/cp-132-6636-a35ed-1.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')