Vulnerabilities > Ujcms > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-12 | CVE-2024-12483 | Authorization Bypass Through User-Controlled Key vulnerability in Ujcms A vulnerability classified as problematic has been found in Dromara UJCMS up to 9.6.3. | 5.9 |
| 2024-02-06 | CVE-2024-1256 | Cross-site Scripting vulnerability in Ujcms Jspxcms 10.2.0 A vulnerability was found in Jspxcms 10.2.0 and classified as problematic. | 4.3 |
| 2024-02-06 | CVE-2024-1257 | Cross-site Scripting vulnerability in Ujcms Jspxcms 10.2.0 A vulnerability was found in Jspxcms 10.2.0. | 6.1 |
| 2024-01-16 | CVE-2024-0599 | Unspecified vulnerability in Ujcms Jspxcms 10.2.0 A vulnerability was found in Jspxcms 10.2.0. | 5.4 |
| 2024-01-12 | CVE-2023-51806 | Unrestricted Upload of File with Dangerous Type vulnerability in Ujcms 8.0.2 File Upload vulnerability in Ujcms v.8.0.2 allows a local attacker to execute arbitrary code via a crafted file. | 5.4 |
| 2023-06-14 | CVE-2023-3231 | Unspecified vulnerability in Ujcms A vulnerability has been found in UJCMS up to 6.0.2 and classified as problematic. | 6.5 |
| 2023-02-17 | CVE-2023-24369 | Cross-site Scripting vulnerability in Ujcms 4.1.3/5.5.0 A cross-site scripting (XSS) vulnerability in UJCMS v4.1.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter under the Add New Articles function. | 6.1 |
| 2022-05-04 | CVE-2022-28090 | Server-Side Request Forgery (SSRF) vulnerability in Ujcms Jspxcms 10.2.0 Jspxcms v10.2.0 allows attackers to execute a Server-Side Request Forgery (SSRF) via /cmscp/ext/collect/fetch_url.do?url=. | 6.5 |