Vulnerabilities > Ujcms

DATE CVE VULNERABILITY TITLE RISK
2023-02-17 CVE-2023-24369 Cross-site Scripting vulnerability in Ujcms 4.1.3/5.5.0
A cross-site scripting (XSS) vulnerability in UJCMS v4.1.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter under the Add New Articles function.
network
low complexity
ujcms CWE-79
6.1
2022-05-04 CVE-2022-28090 Server-Side Request Forgery (SSRF) vulnerability in Ujcms Jspxcms 10.2.0
Jspxcms v10.2.0 allows attackers to execute a Server-Side Request Forgery (SSRF) via /cmscp/ext/collect/fetch_url.do?url=.
network
low complexity
ujcms CWE-918
6.5
2022-02-04 CVE-2022-23329 Unrestricted Upload of File with Dangerous Type vulnerability in Ujcms Jspxcms 10.2.0
A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJCMS Jspxcms v10.2.0 allows attackers to execute arbitrary commands via uploading malicious files.
network
low complexity
ujcms CWE-434
critical
9.8