Vulnerabilities > Ujcms

DATE CVE VULNERABILITY TITLE RISK
2024-12-12 CVE-2024-12483 Authorization Bypass Through User-Controlled Key vulnerability in Ujcms
A vulnerability classified as problematic has been found in Dromara UJCMS up to 9.6.3.
network
high complexity
ujcms CWE-639
5.9
2024-02-06 CVE-2024-1256 Cross-site Scripting vulnerability in Ujcms Jspxcms 10.2.0
A vulnerability was found in Jspxcms 10.2.0 and classified as problematic.
network
low complexity
ujcms CWE-79
4.3
2024-02-06 CVE-2024-1257 Cross-site Scripting vulnerability in Ujcms Jspxcms 10.2.0
A vulnerability was found in Jspxcms 10.2.0.
network
low complexity
ujcms CWE-79
6.1
2024-01-16 CVE-2024-0599 Unspecified vulnerability in Ujcms Jspxcms 10.2.0
A vulnerability was found in Jspxcms 10.2.0.
network
low complexity
ujcms
5.4
2024-01-12 CVE-2023-51806 Unrestricted Upload of File with Dangerous Type vulnerability in Ujcms 8.0.2
File Upload vulnerability in Ujcms v.8.0.2 allows a local attacker to execute arbitrary code via a crafted file.
network
low complexity
ujcms CWE-434
5.4
2024-01-11 CVE-2023-51350 Authentication Bypass by Spoofing vulnerability in Ujcms 8.0.2
A spoofing attack in ujcms v.8.0.2 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the X-Forwarded-For function in the header.
network
low complexity
ujcms CWE-290
critical
9.8
2023-06-14 CVE-2023-34747 Unrestricted Upload of File with Dangerous Type vulnerability in Ujcms 6.0.2
File upload vulnerability in ujcms 6.0.2 via /api/backend/core/web-file-upload/upload.
network
low complexity
ujcms CWE-434
critical
9.8
2023-06-14 CVE-2023-34865 Path Traversal vulnerability in Ujcms 6.0.2
Directory traversal vulnerability in ujcms 6.0.2 allows attackers to move files via the rename feature.
network
low complexity
ujcms CWE-22
critical
9.8
2023-06-14 CVE-2023-34878 Unspecified vulnerability in Ujcms 6.0.2
An issue was discovered in Ujcms v6.0.2 allows attackers to gain sensitive information via the dir parameter to /api/backend/core/web-file-html/download-zip.
network
low complexity
ujcms
7.5
2023-06-14 CVE-2023-3231 Unspecified vulnerability in Ujcms
A vulnerability has been found in UJCMS up to 6.0.2 and classified as problematic.
network
low complexity
ujcms
6.5