Java Exploits
370 exploits tracked across all sources.
pb-cms < 2.0.1 - Cross-Site Scripting in Permission Management Page
A vulnerability classified as problematic was found in LinZhaoguan pb-cms up to 2.0.1. This vulnerability affects unknown code of the file /admin#permissions of the component Permission Management Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
by LinZhaoguan
pb-cms < 2.0.1 - Cross-Site Scripting in Edit Article Handler
A vulnerability, which was classified as problematic, has been found in LinZhaoguan pb-cms up to 2.0.1. This issue affects some unknown processing of the file /admin#article/edit?id=2 of the component Edit Article Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
by LinZhaoguan
pb-cms < 2.0.1 - Cross-Site Scripting in Theme Management Module
A vulnerability, which was classified as problematic, was found in LinZhaoguan pb-cms up to 2.0.1. Affected is an unknown function of the file /admin#themes of the component Theme Management Module. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
by LinZhaoguan
ofcms 1.1.4 - Arbitrary User Information Modification via SysUserController.java user_id Parameter
Insecure permissions configured in the user_id parameter at SysUserController.java of OFCMS v1.1.4 allow attackers to access and arbitrarily modify users' personal information.
by oufu
OFCMS 1.1.4 - Stored Cross-Site Scripting via Company Comment Text Box
A cross-site scripting (XSS) vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box.
by oufu
OFCMS v1.1.4 - Cross-Site Scripting via /admin/comn/service/update.json
OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json.
by oufu
Ofcms <1.1.4 - Privilege Escalation
An issue found in Ofcms v.1.1.4 allows a remote attacker to escalate privileges via the respwd method in SysUserController.
by oufu
ofcms 1.14 - Cross-Site Scripting via Title Addition Component
Cross Site Scripting vulnerability in OFCMS v.1.14 allows a remote attacker to obtain sensitive information via a crafted payload to the title addition component.
by oufu
beetl 3.15.0 - Server-Side Template Injection via Render Function
An issue in the render function of beetl v3.15.0 allows attackers to execute server-side template injection (SSTI) via a crafted payload.
by xiandafu
Before Beetl <3.15.12 - Code Injection
Before Beetl v3.15.12, the rendering template has a server-side template injection (SSTI) vulnerability. When the incoming template is controllable, it will be filtered by the DefaultNativeSecurityManager blacklist. Because blacklist filtering is not strict, the blacklist can be bypassed, leading to arbitrary code execution.
by xiandafu
My-Blog - Cross-Site Request Forgery via /admin/configurations/userInfo
A vulnerability, which was classified as problematic, was found in zhenfeng13 My-Blog. Affected is an unknown function of the file /admin/configurations/userInfo. The manipulation of the argument yourAvatar/yourName/yourEmail leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-225264.
by zhenfeng13
my-blog - Cross-Site Scripting via Post Function
Cross Site Scripting vulnerability found in My-Blog allows attackers to cause a denial of service via the Post function.
by zhenfeng13
meetyoucrop big-whale 1.1 - Improper Ownership Management
A vulnerability was found in meetyoucrop big-whale 1.1 and classified as critical. Affected by this issue is some unknown functionality of the file /auth/user/all.api of the component Admin Module. The manipulation of the argument id leads to improper ownership management. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250232.
by progr1mmer
beetl-bbs - Cross-Site Scripting via User Argument in WebUtils.java
A vulnerability was found in xiandafu beetl-bbs. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file WebUtils.java. The manipulation of the argument user leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215107.
by xiandafu
JFinalCMS 5.0.0 - Path Traversal via File Download fileKey Parameter
JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter.
by heyewei
JFinalCMS 5.0.0 - SQL Injection via /admin/content/data
JFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data.
by heyewei
favorites-web - Cross-Site Scripting in Comment Handler
A vulnerability was found in ityouknow favorites-web. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Comment Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-218294 is the identifier assigned to this vulnerability.
by ityouknow
xzjie cms <1.0.3 - Unrestricted Upload
A vulnerability was found in xzjie cms up to 1.0.3 and classified as critical. This issue affects some unknown processing of the file /api/upload. The manipulation of the argument uploadFile leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-223367.
by xzjie
XiaoBingBy TeaCMS 2.0 - Path Traversal
A vulnerability classified as critical was found in XiaoBingBy TeaCMS 2.0. Affected by this vulnerability is an unknown functionality of the file /admin/upload. The manipulation leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222985 was assigned to this vulnerability.
by xiaobingby
XiaoBingBy TeaCMS <2.0.2 - SQL Injection
A vulnerability has been found in XiaoBingBy TeaCMS up to 2.0.2 and classified as critical. This vulnerability affects unknown code of the file /admin/getallarticleinfo. The manipulation of the argument searchInfo leads to SQL injection. The attack can be initiated remotely. VDB-223366 is the identifier assigned to this vulnerability.
by xiaobingby
TeaCMS < 2.0.2 - Cross-Site Scripting in Article Title Handler
A vulnerability was found in XiaoBingBy TeaCMS up to 2.0.2. It has been classified as problematic. Affected is an unknown function of the component Article Title Handler. The manipulation with the input <script>alert(document.cookie)</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223800.
by xiaobingby
TeaCMS - Stored Cross-Site Scripting via Article Title Parameter
Cross Site Scripting vulnerability found in TeaCMS storage allows attacker to cause a leak of sensitive information via the article title parameter.
by xiaobingby
TeaCMS 2.3.3 - Privilege Escalation
An unauthorized access issue found in XiaoBingby TeaCMS 2.3.3 allows attackers to escalate privileges via the id and keywords parameter(s).
by xiaobingby