Vulnerabilities > Ofcms Project
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-16 | CVE-2023-51807 | Cross-site Scripting vulnerability in Ofcms Project Ofcms 1.1.4 Cross Site Scripting vulnerability in OFCMS v.1.14 allows a remote attacker to obtain sensitive information via a crafted payload to the title addition component. | 5.4 |
2023-03-16 | CVE-2023-24760 | Improper Privilege Management vulnerability in Ofcms Project Ofcms 1.1.4 An issue found in Ofcms v.1.1.4 allows a remote attacker to to escalate privileges via the respwd method in SysUserController. | 8.8 |
2022-06-02 | CVE-2022-29653 | Cross-site Scripting vulnerability in Ofcms Project Ofcms 1.1.4 OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json. | 6.1 |
2022-04-10 | CVE-2022-27960 | Incorrect Default Permissions vulnerability in Ofcms Project Ofcms 1.1.4 Insecure permissions configured in the user_id parameter at SysUserController.java of OFCMS v1.1.4 allows attackers to access and arbitrarily modify users' personal information. | 5.4 |
2022-04-10 | CVE-2022-27961 | Cross-site Scripting vulnerability in Ofcms Project Ofcms 1.1.4 A cross-site scripting (XSS) vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box. | 5.4 |
2019-03-06 | CVE-2019-9617 | Unrestricted Upload of File with Dangerous Type vulnerability in Ofcms Project Ofcms 1.1.1/1.1.2 An issue was discovered in OFCMS before 1.1.3. | 8.8 |
2019-03-06 | CVE-2019-9616 | Use of Incorrectly-Resolved Name or Reference vulnerability in Ofcms Project Ofcms 1.1.1/1.1.2 An issue was discovered in OFCMS before 1.1.3. | 7.2 |
2019-03-06 | CVE-2019-9615 | SQL Injection vulnerability in Ofcms Project Ofcms 1.1.1/1.1.2 An issue was discovered in OFCMS before 1.1.3. | 7.2 |
2019-03-06 | CVE-2019-9614 | Injection vulnerability in Ofcms Project Ofcms 1.1.1/1.1.2 An issue was discovered in OFCMS before 1.1.3. | 8.8 |
2019-03-06 | CVE-2019-9613 | Unrestricted Upload of File with Dangerous Type vulnerability in Ofcms Project Ofcms 1.1.1/1.1.2 An issue was discovered in OFCMS before 1.1.3. | 7.2 |