Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Edetw Subscribe
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-39027 1 Edetw 1 U-office Force 2022-10-31 N/A 5.4 MEDIUM
U-Office Force Forum function has insufficient filtering for special characters. A remote attacker with general user privilege can inject JavaScript and perform XSS (Stored Cross-Site Scripting) attack.
CVE-2022-39026 1 Edetw 1 U-office Force 2022-10-31 N/A 5.4 MEDIUM
U-Office Force UserDefault page has insufficient filtering for special characters in the HTTP header fields. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform XSS (Stored Cross-Site Scripting) attack.
CVE-2022-39025 1 Edetw 1 U-office Force 2022-10-31 N/A 6.1 MEDIUM
U-Office Force PrintMessage function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript and perform XSS (Reflected Cross-Site Scripting) attack.
CVE-2022-39022 1 Edetw 1 U-office Force 2022-10-31 N/A 6.5 MEDIUM
U-Office Force Download function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to download arbitrary system file.
CVE-2022-39024 1 Edetw 1 U-office Force 2022-10-31 N/A 6.1 MEDIUM
U-Office Force Bulletin function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript and perform XSS (Reflected Cross-Site Scripting) attack.
CVE-2022-39023 1 Edetw 1 U-office Force 2022-10-31 N/A 6.5 MEDIUM
U-Office Force Download function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to download arbitrary system file.
CVE-2022-39021 1 Edetw 1 U-office Force 2022-10-31 N/A 6.1 MEDIUM
U-Office Force login function has an Open Redirect vulnerability. An unauthenticated remote attacker can exploit this vulnerability to redirect user to arbitrary website.