CVE-2025-25772
- EPSS 0.02%
- Veröffentlicht 21.02.2025 19:15:14
- Zuletzt bearbeitet 09.07.2025 14:43:22
A Cross-Site Request Forgery (CSRF) in the component /back/UserController.java of Jspxcms v9.0 to v9.5 allows attackers to arbitrarily add Administrator accounts via a crafted request.
CVE-2024-1257
- EPSS 0.08%
- Veröffentlicht 06.02.2024 20:16:03
- Zuletzt bearbeitet 21.11.2024 08:50:10
A vulnerability was found in Jspxcms 10.2.0. It has been classified as problematic. Affected is an unknown function of the file /ext/collect/find_text.do. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. T...
CVE-2024-1256
- EPSS 0.08%
- Veröffentlicht 06.02.2024 20:16:02
- Zuletzt bearbeitet 21.11.2024 08:50:10
A vulnerability was found in Jspxcms 10.2.0 and classified as problematic. This issue affects some unknown processing of the file /ext/collect/filter_text.do. The manipulation leads to cross site scripting. The attack may be initiated remotely. The e...
CVE-2024-0599
- EPSS 0.18%
- Veröffentlicht 16.01.2024 20:15:45
- Zuletzt bearbeitet 21.11.2024 08:46:58
A vulnerability was found in Jspxcms 10.2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file src\main\java\com\jspxcms\core\web\back\InfoController.java of the component Document Management ...
CVE-2022-28090
- EPSS 1%
- Veröffentlicht 04.05.2022 14:15:08
- Zuletzt bearbeitet 21.11.2024 06:56:44
Jspxcms v10.2.0 allows attackers to execute a Server-Side Request Forgery (SSRF) via /cmscp/ext/collect/fetch_url.do?url=.
CVE-2022-23329
- EPSS 1.44%
- Veröffentlicht 04.02.2022 22:15:07
- Zuletzt bearbeitet 21.11.2024 06:48:24
A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJCMS Jspxcms v10.2.0 allows attackers to execute arbitrary commands via uploading malicious files.