Ofcms Project >> Ofcms Security Vulnerabilities
A vulnerability, which was classified as problematic, was found in OFCMS 1.1.3. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2025-02-22
An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the save method of the TemplateController.java file.
CVSS Score: 6.5 | EPSS Score: 0.005 | Published: 2024-10-25
An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the FileOutputStream function in the write String method of the ofcms-admin\src\main\java\com\ofsoft\cms\core\uitle\FileUtils.java file.
CVSS Score: 6.5 | EPSS Score: 0.005 | Published: 2024-10-25
A vulnerability classified as problematic has been found in OFCMS 1.1.2. This affects the function add of the file /admin/system/dict/add.json?sqlid=system.dict.save. The manipulation of the argument dict_value leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Score: 3.5 | EPSS Score: 0.001 | Published: 2024-10-01
OFCMS V1.1.2 is vulnerable to SQL Injection via the new table function.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2024-05-14
Cross Site Scripting vulnerability in OFCMS v.1.14 allows a remote attacker to obtain sensitive information via a crafted payload to the title addition component.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2024-01-16
An issue found in Ofcms v.1.1.4 allows a remote attacker to escalate privileges via the respwd method in SysUserController.
CVSS Score: 8.8 | EPSS Score: 0.005 | Published: 2023-03-16
OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2022-06-02
Insecure permissions configured in the user_id parameter at SysUserController.java of OFCMS v1.1.4 allow attackers to access and arbitrarily modify users' personal information.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2022-04-10
A cross-site scripting (XSS) vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2022-04-10