Filtered by vendor Ofcms Project Subscriptions
Total 18 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-51807 1 Ofcms Project 1 Ofcms 2024-11-21 5.4 Medium
Cross Site Scripting vulnerability in OFCMS v.1.14 allows a remote attacker to obtain sensitive information via a crafted payload to the title addition component.
CVE-2023-24760 1 Ofcms Project 1 Ofcms 2024-11-21 8.8 High
An issue found in Ofcms v.1.1.4 allows a remote attacker to to escalate privileges via the respwd method in SysUserController.
CVE-2022-29653 1 Ofcms Project 1 Ofcms 2024-11-21 6.1 Medium
OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json.
CVE-2022-27961 1 Ofcms Project 1 Ofcms 2024-11-21 5.4 Medium
A cross-site scripting (XSS) vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box.
CVE-2022-27960 1 Ofcms Project 1 Ofcms 2024-11-21 5.4 Medium
Insecure permissions configured in the user_id parameter at SysUserController.java of OFCMS v1.1.4 allows attackers to access and arbitrarily modify users' personal information.
CVE-2019-9617 1 Ofcms Project 1 Ofcms 2024-11-21 N/A
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadFile URI.
CVE-2019-9616 1 Ofcms Project 1 Ofcms 2024-11-21 N/A
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadScrawl URI.
CVE-2019-9615 1 Ofcms Project 1 Ofcms 2024-11-21 N/A
An issue was discovered in OFCMS before 1.1.3. It allows admin/system/generate/create?sql= SQL injection, related to SystemGenerateController.java.
CVE-2019-9614 1 Ofcms Project 1 Ofcms 2024-11-21 N/A
An issue was discovered in OFCMS before 1.1.3. A command execution vulnerability exists via a template file with '<#assign ex="freemarker.template.utility.Execute"?new()> ${ ex("' followed by the command.
CVE-2019-9613 1 Ofcms Project 1 Ofcms 2024-11-21 N/A
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadVideo URI.
CVE-2019-9612 1 Ofcms Project 1 Ofcms 2024-11-21 N/A
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/comn/service/upload URI.
CVE-2019-9611 1 Ofcms Project 1 Ofcms 2024-11-21 N/A
An issue was discovered in OFCMS before 1.1.3. It allows admin/cms/template/getTemplates.html?res_path=res directory traversal, with ../ in the dir parameter, to write arbitrary content (in the file_content parameter) into an arbitrary file (specified by the file_name parameter). This is related to the save function in TemplateController.java.
CVE-2019-9610 1 Ofcms Project 1 Ofcms 2024-11-21 N/A
An issue was discovered in OFCMS before 1.1.3. It has admin/cms/template/getTemplates.html?res_path=res&up_dir=../ directory traversal, related to the getTemplates function in TemplateController.java.
CVE-2019-9609 1 Ofcms Project 1 Ofcms 2024-11-21 N/A
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/comn/service/editUploadImage URI.
CVE-2019-9608 1 Ofcms Project 1 Ofcms 2024-11-21 N/A
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadImage URI.
CVE-2024-48236 1 Ofcms Project 1 Ofcms 2024-10-29 6.5 Medium
An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the FileOutputStream function in the write String method of the ofcms-admin\src\main\java\com\ofsoft\cms\core\uitle\FileUtils.java file
CVE-2024-48235 1 Ofcms Project 1 Ofcms 2024-10-29 6.5 Medium
An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the save method of the TemplateController.java file.
CVE-2024-9411 1 Ofcms Project 1 Ofcms 2024-10-04 3.5 Low
A vulnerability classified as problematic has been found in OFCMS 1.1.2. This affects the function add of the file /admin/system/dict/add.json?sqlid=system.dict.save. The manipulation of the argument dict_value leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.