Jspxcms
by Jspxcms
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-23329 | Cri | 0.65 | 9.8 | 0.14 | Feb 4, 2022 | A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJCMS Jspxcms v10.2.0 allows attackers to execute arbitrary commands via uploading malicious files. | ||
| CVE-2018-20596 | Cri | 0.64 | 9.8 | 0.01 | Dec 30, 2018 | Jspxcms v9.0.0 allows SSRF. | ||
| CVE-2018-16553 | Hig | 0.47 | 7.2 | 0.03 | Jun 20, 2019 | In Jspxcms 9.0.0, a vulnerable URL routing implementation allows remote code execution after logging in as web admin. | ||
| CVE-2022-28090 | Med | 0.42 | 6.5 | 0.01 | May 4, 2022 | Jspxcms v10.2.0 allows attackers to execute a Server-Side Request Forgery (SSRF) via /cmscp/ext/collect/fetch_url.do?url=. | ||
| CVE-2023-46911 | Med | 0.40 | 6.1 | 0.00 | Nov 1, 2023 | There is a Cross Site Scripting (XSS) vulnerability in the choose_style_tree.do interface of Jspxcms v10.2.0 backend. | ||
| CVE-2024-1200 | Med | 0.35 | 5.3 | 0.01 | Feb 3, 2024 | A vulnerability was found in Jspxcms 10.2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /template/1/default/. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed… | ||
| CVE-2025-25772 | Med | 0.33 | 5.1 | 0.00 | Feb 21, 2025 | A Cross-Site Request Forgery (CSRF) in the component /back/UserController.java of Jspxcms v9.0 to v9.5 allows attackers to arbitrarily add Administrator accounts via a crafted request. | ||
| CVE-2024-1257 | Low | 0.23 | 3.5 | 0.00 | Feb 6, 2024 | A vulnerability was found in Jspxcms 10.2.0. It has been classified as problematic. Affected is an unknown function of the file /ext/collect/find_text.do. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed… | ||
| CVE-2024-1256 | Low | 0.23 | 3.5 | 0.01 | Feb 6, 2024 | A vulnerability was found in Jspxcms 10.2.0 and classified as problematic. This issue affects some unknown processing of the file /ext/collect/filter_text.do. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to… | ||
| CVE-2024-0721 | Low | 0.23 | 3.5 | 0.00 | Jan 19, 2024 | A vulnerability has been found in Jspxcms 10.2.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Survey Label Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has… | ||
| CVE-2024-0599 | Low | 0.23 | 3.5 | 0.01 | Jan 16, 2024 | A vulnerability was found in Jspxcms 10.2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file src\main\java\com\jspxcms\core\web\back\InfoController.java of the component Document Management Page. The manipulation of the… |
- risk 0.65cvss 9.8epss 0.14
A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJCMS Jspxcms v10.2.0 allows attackers to execute arbitrary commands via uploading malicious files.
- risk 0.64cvss 9.8epss 0.01
Jspxcms v9.0.0 allows SSRF.
- risk 0.47cvss 7.2epss 0.03
In Jspxcms 9.0.0, a vulnerable URL routing implementation allows remote code execution after logging in as web admin.
- risk 0.42cvss 6.5epss 0.01
Jspxcms v10.2.0 allows attackers to execute a Server-Side Request Forgery (SSRF) via /cmscp/ext/collect/fetch_url.do?url=.
- risk 0.40cvss 6.1epss 0.00
There is a Cross Site Scripting (XSS) vulnerability in the choose_style_tree.do interface of Jspxcms v10.2.0 backend.
- risk 0.35cvss 5.3epss 0.01
A vulnerability was found in Jspxcms 10.2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /template/1/default/. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed…
- risk 0.33cvss 5.1epss 0.00
A Cross-Site Request Forgery (CSRF) in the component /back/UserController.java of Jspxcms v9.0 to v9.5 allows attackers to arbitrarily add Administrator accounts via a crafted request.
- risk 0.23cvss 3.5epss 0.00
A vulnerability was found in Jspxcms 10.2.0. It has been classified as problematic. Affected is an unknown function of the file /ext/collect/find_text.do. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed…
- risk 0.23cvss 3.5epss 0.01
A vulnerability was found in Jspxcms 10.2.0 and classified as problematic. This issue affects some unknown processing of the file /ext/collect/filter_text.do. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to…
- risk 0.23cvss 3.5epss 0.00
A vulnerability has been found in Jspxcms 10.2.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Survey Label Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has…
- risk 0.23cvss 3.5epss 0.01
A vulnerability was found in Jspxcms 10.2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file src\main\java\com\jspxcms\core\web\back\InfoController.java of the component Document Management Page. The manipulation of the…