RSS   Podatności dla 'Ofcms'   RSS

2022-06-02
 
CVE-2022-29653

CWE-79
 

 
OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json.

 
2022-04-10
 
CVE-2022-27960

CWE-276
 

 
Insecure permissions configured in the user_id parameter at SysUserController.java of OFCMS v1.1.4 allows attackers to access and arbitrarily modify users' personal information.

 
 
CVE-2022-27961

CWE-79
 

 
A cross-site scripting (XSS) vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box.

 


Copyright 2024, cxsecurity.com

 

Back to Top