
CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

A vulnerability was found in Jspxcms 10.2.0. It has been classified as problematic. Affected is an unknown function of the file /ext/collect/find_text.do. The manipulation leads to cross site scripting. It is possible to launch the attack remotely.
• https://github.com/sweatxi/BugHub/blob/main/find_text_do.pdf https://vuldb.com/?ctiid.252996 https://vuldb.com/?id.252996
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 1

A vulnerability was found in Jspxcms 10.2.0 and classified as problematic. This issue affects some unknown processing of the file /ext/collect/filter_text.do. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
• https://github.com/sweatxi/BugHub/blob/main/filter_txet_do.pdf https://vuldb.com/?ctiid.252995 https://vuldb.com/?id.252995
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 1

A vulnerability was found in Jspxcms 10.2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file src\main\java\com\jspxcms\core\web\back\InfoController.java of the component Document Management Page. The manipulation of the argument title leads to cross site scripting. The attack can be launched remotely.
• https://github.com/sweatxi/BugHub/blob/main/Jspxcms.pdf https://vuldb.com/?ctiid.250837 https://vuldb.com/?id.250837
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 1

A file upload vulnerability in Ujcms v.8.0.2 allows a local attacker to execute arbitrary code via a crafted file.
• https://github.com/ujcms/ujcms https://github.com/ujcms/ujcms/issues/8 https://www.ujcms.com
• CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

A spoofing attack in ujcms v.8.0.2 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the X-Forwarded-For function in the header.
• https://github.com/ujcms/ujcms https://github.com/ujcms/ujcms/issues/7 https://www.ujcms.com
• CWE-290: Authentication Bypass by Spoofing