CVE-2023-24760 — CVSS 8.8 (high): An issue found in Ofcms v.1.1.4 allows a remote attacker to to escalate privileges via the respwd method in SysUserController.
CVE-2019-9617 — CVSS 8.8 (high): An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does…
CVE-2019-9608 — CVSS 8.8 (high): An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does…
CVE-2019-9612 — CVSS 8.8 (high): An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does…
CVE-2019-9614 — CVSS 8.8 (high): An issue was discovered in OFCMS before 1.1.3. A command execution vulnerability exists via a template file with '<#assign…
CVE-2019-9609 — CVSS 8.8 (high): An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does…
CVE-2019-9615 — CVSS 7.2 (high): An issue was discovered in OFCMS before 1.1.3. It allows admin/system/generate/create?sql= SQL injection, related to SystemGenerateControlle…
CVE-2019-9613 — CVSS 7.2 (high): An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does…
CVE-2019-9616 — CVSS 7.2 (high): An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does…
CVE-2024-48236 — CVSS 6.5 (medium): An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the FileOutputStream function in the write String method of…
CVE-2019-9611 — CVSS 6.5 (medium): An issue was discovered in OFCMS before 1.1.3. It allows admin/cms/template/getTemplates.html?res_path=res directory traversal, with ../ in…
CVE-2024-48235 — CVSS 6.5 (medium): An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the save method of the TemplateController.java file.
CVE-2022-29653 — CVSS 6.1 (medium): OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json.
CVE-2022-27960 — CVSS 5.4 (medium): Insecure permissions configured in the user_id parameter at SysUserController.java of OFCMS v1.1.4 allows attackers to access and…
CVE-2022-27961 — CVSS 5.4 (medium): A cross-site scripting (XSS) vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML…
CVE-2023-51807 — CVSS 5.4 (medium): Cross Site Scripting vulnerability in OFCMS v.1.14 allows a remote attacker to obtain sensitive information via a crafted payload to the…
CVE-2019-9610 — CVSS 4.3 (medium): An issue was discovered in OFCMS before 1.1.3. It has admin/cms/template/getTemplates.html?res_path=res&up_dir=../ directory traversal…
CVE-2025-1557 — CVSS 4.3 (medium): A vulnerability, which was classified as problematic, was found in OFCMS 1.1.3. Affected is an unknown function. The manipulation leads to…
CVE-2024-9411 — CVSS 3.5 (low): A vulnerability classified as problematic has been found in OFCMS 1.1.2. This affects the function add of the file /admin/system/dict/add.js…