Product: Ofcms (Ofcms_project)

Repositories: Unknown. This might be proprietary software.

#Vulnerabilities 18
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2025-02-22 | CVE-2025-1557 | A vulnerability, which was classified as problematic, was found in OFCMS 1.1.3. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | Ofcms | 4.3 | | |
| 2024-05-14 | CVE-2024-34256 | OFCMS V1.1.2 is vulnerable to SQL Injection via the new table function. | Ofcms | N/A | | |
| 2024-10-01 | CVE-2024-9411 | A vulnerability classified as problematic has been found in OFCMS 1.1.2. This affects the function add of the file /admin/system/dict/add.json?sqlid=system.dict.save. The manipulation of the argument dict_value leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | Ofcms | N/A | | |
| 2022-04-10 | CVE-2022-27960 | Insecure permissions configured in the user_id parameter at SysUserController.java of OFCMS v1.1.4 allows attackers to access and arbitrarily modify users' personal information. | Ofcms | 5.4 | | |
| 2022-04-10 | CVE-2022-27961 | A cross-site scripting (XSS) vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box. | Ofcms | 5.4 | | |
| 2022-06-02 | CVE-2022-29653 | OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json. | Ofcms | 6.1 | | |
| 2023-03-16 | CVE-2023-24760 | An issue found in Ofcms v.1.1.4 allows a remote attacker to escalate privileges via the respwd method in SysUserController. | Ofcms | 8.8 | | |
| 2024-01-16 | CVE-2023-51807 | Cross Site Scripting vulnerability in OFCMS v.1.14 allows a remote attacker to obtain sensitive information via a crafted payload to the title addition component. | Ofcms | 5.4 | | |