CVEDB API

Vulnerabilities

Vulnerable Software

Ofcms Project: >> Ofcms >> 1.1.4 Security Vulnerabilities

CVE-2023-51807

Cross Site Scripting vulnerability in OFCMS v.1.14 allows a remote attacker to obtain sensitive information via a crafted payload to the title addition component.

CVSS Score

5.4

EPSS Score

0.002

Published

2024-01-16

CVE-2023-24760

An issue found in Ofcms v.1.1.4 allows a remote attacker to to escalate privileges via the respwd method in SysUserController.

CVSS Score

8.8

EPSS Score

0.005

Published

2023-03-16

CVE-2022-29653

OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json.

CVSS Score

6.1

EPSS Score

0.002

Published

2022-06-02

CVE-2022-27960

Insecure permissions configured in the user_id parameter at SysUserController.java of OFCMS v1.1.4 allows attackers to access and arbitrarily modify users' personal information.

CVSS Score

5.4

EPSS Score

0.001

Published

2022-04-10

CVE-2022-27961

A cross-site scripting (XSS) vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box.

CVSS Score

5.4

EPSS Score

0.002

Published

2022-04-10

Page 1

Vulnerabilities

Vulnerable Software

Ofcms Project: >> Ofcms >> 1.1.4 Security Vulnerabilities

Products

Pricing

Contact Us