Vulnerabilities > Ujcms
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-12-12 | CVE-2024-12483 | Authorization Bypass Through User-Controlled Key vulnerability in Ujcms A vulnerability classified as problematic has been found in Dromara UJCMS up to 9.6.3. | 5.9 |
2024-02-06 | CVE-2024-1256 | Cross-site Scripting vulnerability in Ujcms Jspxcms 10.2.0 A vulnerability was found in Jspxcms 10.2.0 and classified as problematic. | 4.3 |
2024-02-06 | CVE-2024-1257 | Cross-site Scripting vulnerability in Ujcms Jspxcms 10.2.0 A vulnerability was found in Jspxcms 10.2.0. | 6.1 |
2024-01-16 | CVE-2024-0599 | Unspecified vulnerability in Ujcms Jspxcms 10.2.0 A vulnerability was found in Jspxcms 10.2.0. | 5.4 |
2024-01-12 | CVE-2023-51806 | Unrestricted Upload of File with Dangerous Type vulnerability in Ujcms 8.0.2 File Upload vulnerability in Ujcms v.8.0.2 allows a local attacker to execute arbitrary code via a crafted file. | 5.4 |
2024-01-11 | CVE-2023-51350 | Authentication Bypass by Spoofing vulnerability in Ujcms 8.0.2 A spoofing attack in ujcms v.8.0.2 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the X-Forwarded-For function in the header. | 9.8 |
2023-06-14 | CVE-2023-34747 | Unrestricted Upload of File with Dangerous Type vulnerability in Ujcms 6.0.2 File upload vulnerability in ujcms 6.0.2 via /api/backend/core/web-file-upload/upload. | 9.8 |
2023-06-14 | CVE-2023-34865 | Path Traversal vulnerability in Ujcms 6.0.2 Directory traversal vulnerability in ujcms 6.0.2 allows attackers to move files via the rename feature. | 9.8 |
2023-06-14 | CVE-2023-34878 | Unspecified vulnerability in Ujcms 6.0.2 An issue was discovered in Ujcms v6.0.2 allows attackers to gain sensitive information via the dir parameter to /api/backend/core/web-file-html/download-zip. | 7.5 |
2023-06-14 | CVE-2023-3231 | Unspecified vulnerability in Ujcms A vulnerability has been found in UJCMS up to 6.0.2 and classified as problematic. | 6.5 |