CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1257 – Jspxcms find_text.do cross site scripting
https://notcve.org/view.php?id=CVE-2024-1257
A vulnerability was found in Jspxcms 10.2.0. It has been classified as problematic. Affected is an unknown function of the file /ext/collect/find_text.do. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. • https://github.com/sweatxi/BugHub/blob/main/find_text_do.pdf https://vuldb.com/?ctiid.252996 https://vuldb.com/?id.252996 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1256 – Jspxcms filter_text.do cross site scripting
https://notcve.org/view.php?id=CVE-2024-1256
A vulnerability was found in Jspxcms 10.2.0 and classified as problematic. This issue affects some unknown processing of the file /ext/collect/filter_text.do. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/sweatxi/BugHub/blob/main/filter_txet_do.pdf https://vuldb.com/?ctiid.252995 https://vuldb.com/?id.252995 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0599 – Jspxcms Document Management Page InfoController.java cross site scripting
https://notcve.org/view.php?id=CVE-2024-0599
A vulnerability was found in Jspxcms 10.2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file src\main\java\com\jspxcms\core\web\back\InfoController.java of the component Document Management Page. The manipulation of the argument title leads to cross site scripting. The attack can be launched remotely. • https://github.com/sweatxi/BugHub/blob/main/Jspxcms.pdf https://vuldb.com/?ctiid.250837 https://vuldb.com/?id.250837 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-28090
https://notcve.org/view.php?id=CVE-2022-28090
Jspxcms v10.2.0 allows attackers to execute a Server-Side Request Forgery (SSRF) via /cmscp/ext/collect/fetch_url.do?url=. Jspxcms versión v10.2.0, permite a atacantes ejecutar una vulnerabilidad de tipo Server-Side Request Forgery (SSRF) por medio de /cmscp/ext/collect/fetch_url.do?url= • https://gitee.com/jspxcms/Jspxcms/issues/I4ZKDR • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-23329
https://notcve.org/view.php?id=CVE-2022-23329
A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJCMS Jspxcms v10.2.0 allows attackers to execute arbitrary commands via uploading malicious files. Una vulnerabilidad en ${"freemarker.template.utility.Execute"?new() de UJCMS Jspxcms versión v10.2.0, permite a atacantes ejecutar comandos arbitrarios por medio de una carga de archivos maliciosos • https://gitee.com/jspxcms/Jspxcms/issues/I4QAZN • CWE-434: Unrestricted Upload of File with Dangerous Type •