Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Ofcms Project Subscribe
Total 14 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-24760 1 Ofcms Project 1 Ofcms 2023-03-21 N/A 8.8 HIGH
An issue found in Ofcms v.1.1.4 allows a remote attacker to to escalate privileges via the respwd method in SysUserController.
CVE-2022-29653 1 Ofcms Project 1 Ofcms 2022-06-09 4.3 MEDIUM 6.1 MEDIUM
OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json.
CVE-2022-27960 1 Ofcms Project 1 Ofcms 2022-04-14 5.5 MEDIUM 5.4 MEDIUM
Insecure permissions configured in the user_id parameter at SysUserController.java of OFCMS v1.1.4 allows attackers to access and arbitrarily modify users' personal information.
CVE-2022-27961 1 Ofcms Project 1 Ofcms 2022-04-14 3.5 LOW 5.4 MEDIUM
A cross-site scripting (XSS) vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box.
CVE-2019-9614 1 Ofcms Project 1 Ofcms 2021-07-21 6.5 MEDIUM 8.8 HIGH
An issue was discovered in OFCMS before 1.1.3. A command execution vulnerability exists via a template file with '<#assign ex="freemarker.template.utility.Execute"?new()> ${ ex("' followed by the command.
CVE-2019-9616 1 Ofcms Project 1 Ofcms 2020-08-24 6.5 MEDIUM 7.2 HIGH
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadScrawl URI.
CVE-2019-9609 1 Ofcms Project 1 Ofcms 2019-03-07 6.5 MEDIUM 8.8 HIGH
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/comn/service/editUploadImage URI.
CVE-2019-9610 1 Ofcms Project 1 Ofcms 2019-03-07 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in OFCMS before 1.1.3. It has admin/cms/template/getTemplates.html?res_path=res&up_dir=../ directory traversal, related to the getTemplates function in TemplateController.java.
CVE-2019-9611 1 Ofcms Project 1 Ofcms 2019-03-07 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in OFCMS before 1.1.3. It allows admin/cms/template/getTemplates.html?res_path=res directory traversal, with ../ in the dir parameter, to write arbitrary content (in the file_content parameter) into an arbitrary file (specified by the file_name parameter). This is related to the save function in TemplateController.java.
CVE-2019-9612 1 Ofcms Project 1 Ofcms 2019-03-07 6.5 MEDIUM 8.8 HIGH
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/comn/service/upload URI.
CVE-2019-9613 1 Ofcms Project 1 Ofcms 2019-03-07 6.5 MEDIUM 7.2 HIGH
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadVideo URI.
CVE-2019-9615 1 Ofcms Project 1 Ofcms 2019-03-07 6.5 MEDIUM 7.2 HIGH
An issue was discovered in OFCMS before 1.1.3. It allows admin/system/generate/create?sql= SQL injection, related to SystemGenerateController.java.
CVE-2019-9608 1 Ofcms Project 1 Ofcms 2019-03-07 6.5 MEDIUM 8.8 HIGH
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadImage URI.
CVE-2019-9617 1 Ofcms Project 1 Ofcms 2019-03-07 6.5 MEDIUM 8.8 HIGH
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadFile URI.