jspxcms

4 exploits Active since Dec 2018
CVE-2023-46911 GITEE MEDIUM java
Jspxcms v10.2.0 - Cross-Site Scripting via choose_style_tree.do Interface
There is a Cross Site Scripting (XSS) vulnerability in the choose_style_tree.do interface of Jspxcms v10.2.0 backend.
7 stars
CVSS 6.1
CVE-2022-28090 GITEE MEDIUM java
Jspxcms v10.2.0 - Server-Side Request Forgery via /cmscp/ext/collect/fetch_url.do URL Parameter
Jspxcms v10.2.0 allows attackers to execute a Server-Side Request Forgery (SSRF) via /cmscp/ext/collect/fetch_url.do?url=.
7 stars
CVSS 6.5
CVE-2022-23329 GITEE CRITICAL java
Jspxcms 10.2.0 - Remote Code Execution via Freemarker Template Utility
A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJCMS Jspxcms v10.2.0 allows attackers to execute arbitrary commands via uploading malicious files.
7 stars
CVSS 9.8
CVE-2018-20596 GITEE CRITICAL java
Jspxcms v9.0.0 - Server-Side Request Forgery
Jspxcms v9.0.0 allows SSRF.
7 stars
CVSS 9.8