Vulnerabilities > Ofcms Project

DATE CVE VULNERABILITY TITLE RISK
2024-01-16 CVE-2023-51807 Cross-site Scripting vulnerability in Ofcms Project Ofcms 1.1.4
Cross Site Scripting vulnerability in OFCMS v.1.14 allows a remote attacker to obtain sensitive information via a crafted payload to the title addition component.
network
low complexity
ofcms-project CWE-79
5.4
2023-03-16 CVE-2023-24760 Improper Privilege Management vulnerability in Ofcms Project Ofcms 1.1.4
An issue found in Ofcms v.1.1.4 allows a remote attacker to to escalate privileges via the respwd method in SysUserController.
network
low complexity
ofcms-project CWE-269
8.8
2022-06-02 CVE-2022-29653 Cross-site Scripting vulnerability in Ofcms Project Ofcms 1.1.4
OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json.
network
low complexity
ofcms-project CWE-79
6.1
2022-04-10 CVE-2022-27960 Incorrect Default Permissions vulnerability in Ofcms Project Ofcms 1.1.4
Insecure permissions configured in the user_id parameter at SysUserController.java of OFCMS v1.1.4 allows attackers to access and arbitrarily modify users' personal information.
network
low complexity
ofcms-project CWE-276
5.4
2022-04-10 CVE-2022-27961 Cross-site Scripting vulnerability in Ofcms Project Ofcms 1.1.4
A cross-site scripting (XSS) vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box.
network
low complexity
ofcms-project CWE-79
5.4
2019-03-06 CVE-2019-9617 Unrestricted Upload of File with Dangerous Type vulnerability in Ofcms Project Ofcms 1.1.1/1.1.2
An issue was discovered in OFCMS before 1.1.3.
network
low complexity
ofcms-project CWE-434
8.8
2019-03-06 CVE-2019-9616 Use of Incorrectly-Resolved Name or Reference vulnerability in Ofcms Project Ofcms 1.1.1/1.1.2
An issue was discovered in OFCMS before 1.1.3.
network
low complexity
ofcms-project CWE-706
7.2
2019-03-06 CVE-2019-9615 SQL Injection vulnerability in Ofcms Project Ofcms 1.1.1/1.1.2
An issue was discovered in OFCMS before 1.1.3.
network
low complexity
ofcms-project CWE-89
7.2
2019-03-06 CVE-2019-9614 Injection vulnerability in Ofcms Project Ofcms 1.1.1/1.1.2
An issue was discovered in OFCMS before 1.1.3.
network
low complexity
ofcms-project CWE-74
8.8
2019-03-06 CVE-2019-9613 Unrestricted Upload of File with Dangerous Type vulnerability in Ofcms Project Ofcms 1.1.1/1.1.2
An issue was discovered in OFCMS before 1.1.3.
network
low complexity
ofcms-project CWE-434
7.2