By-Yexing/Vulnerability_JAVA

Releases0

Stars3

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-23052 ↗	Feb 29, 2024Thursday, 29 February 2024, 01:44	9.8 CRITICAL	—
An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 allows a remote attacker to execute arbitrary code via the parseObject() function in the fastjson component.
CVE-2024-24059 ↗	Feb 1, 2024Thursday, 1 February 2024, 14:15	5.4 MEDIUM	—
springboot-manager v1.6 is vulnerable to Arbitrary File Upload. The system does not filter the suffixes of uploaded files.
CVE-2024-24060 ↗	Feb 1, 2024Thursday, 1 February 2024, 14:15	5.4 MEDIUM	—
springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/user.
CVE-2024-24061 ↗	Feb 1, 2024Thursday, 1 February 2024, 14:15	5.4 MEDIUM	—
springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sysContent/add.
CVE-2024-24062 ↗	Feb 1, 2024Thursday, 1 February 2024, 14:15	5.4 MEDIUM	—
springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/role.