CVE-2023-51807

MEDIUM

ofcms 1.14 - Cross-Site Scripting via Title Addition Component

Title source: llm

Description

Cross Site Scripting vulnerability in OFCMS v.1.14 allows a remote attacker to obtain sensitive information via a crafted payload to the title addition component.

References (3)

Core 3

Core References

Product

https://gitee.com/oufu/ofcms

Broken Link, Issue Tracking

https://gitee.com/oufu/ofcms/issues/I7OAU2

Exploit

https://github.com/Phantom4me/CVE-Management/blob/main/CVE-2023-51807.md

View Exploit ZIP pw:eip

Scores

CVSS v3 5.4

EPSS 0.0018

EPSS Percentile 40.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

ofcms_project/ofcms 1.1.4

Published Jan 16, 2024

Tracked Since Feb 18, 2026