CVE-2026-1062
- EPSS 0.37%
- Veröffentlicht 17.01.2026 19:32:05
- Zuletzt bearbeitet 29.04.2026 01:00:01
A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the file src/main/java/com/lhjz/portal/util/HtmlUtil.java. This manipulation of the argument url causes server-side request forgery. It is possible to initiate...
CVE-2026-1061
- EPSS 0.36%
- Veröffentlicht 17.01.2026 19:15:51
- Zuletzt bearbeitet 29.04.2026 01:00:01
A vulnerability was detected in xiweicheng TMS up to 2.28.0. Affected by this issue is the function Upload of the file src/main/java/com/lhjz/portal/controller/FileController.java. The manipulation of the argument filename results in unrestricted upl...
CVE-2025-14801
- EPSS 0.24%
- Veröffentlicht 17.12.2025 02:02:06
- Zuletzt bearbeitet 29.04.2026 01:00:01
A security vulnerability has been detected in xiweicheng TMS up to 2.28.0. This affects the function createComment of the file /admin/blog/comment/create. Such manipulation of the argument content leads to cross site scripting. The attack may be perf...