Product

ujcms

20 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-2954
all versions
A vulnerability was found in Dromara UJCMS 10.0.2. Impacted is the function importChanel of the file /api/backend/ext/import-data/
6.3 MEDIUM
CVE-2026-2953
all versions
A vulnerability has been found in Dromara UJCMS 101.2. This issue affects the function deleteDirectory of the file WebFileTemplate
5.4 MEDIUM
CVE-2025-2491
all versions
A vulnerability classified as problematic has been found in Dromara ujcms 9.7.5. This affects the function update of the file /mai
2.4 LOW
CVE-2025-2490
all versions
A vulnerability was found in Dromara ujcms 9.7.5. It has been rated as problematic. Affected by this issue is the function uploadZ
2.4 LOW
CVE-2025-25772
>= 9.0.0 and <= 9.5.0
A Cross-Site Request Forgery (CSRF) in the component /back/UserController.java of Jspxcms v9.0 to v9.5 allows attackers to arbitra
5.1 MEDIUM
CVE-2024-55452
all versions
A URL redirection vulnerability exists in UJCMS 9.6.3 due to improper validation of URLs in the upload and rendering of new block
5.4 MEDIUM
CVE-2024-55451
all versions
A Stored Cross-Site Scripting (XSS) vulnerability exists in authenticated SVG file upload and viewing functionality in UJCMS 9.6.3
4.8 MEDIUM
CVE-2024-12483
< 9.6.3
A vulnerability classified as problematic has been found in Dromara UJCMS up to 9.6.3. This affects an unknown part of the file /u
3.7 LOW
CVE-2024-1257
all versions
A vulnerability was found in Jspxcms 10.2.0. It has been classified as problematic. Affected is an unknown function of the file /e
3.5 LOW
CVE-2024-1256
all versions
A vulnerability was found in Jspxcms 10.2.0 and classified as problematic. This issue affects some unknown processing of the file
3.5 LOW
CVE-2024-0599
all versions
A vulnerability was found in Jspxcms 10.2.0. It has been declared as problematic. Affected by this vulnerability is an unknown fun
3.5 LOW
CVE-2023-51806
all versions
File Upload vulnerability in Ujcms v.8.0.2 allows a local attacker to execute arbitrary code via a crafted file.
5.4 MEDIUM
CVE-2023-51350
all versions
A spoofing attack in ujcms v.8.0.2 allows a remote attacker to obtain sensitive information and execute arbitrary code via a craft
9.8 CRITICAL
CVE-2023-34878
all versions
An issue was discovered in Ujcms v6.0.2 allows attackers to gain sensitive information via the dir parameter to /api/backend/core/
7.5 HIGH
CVE-2023-34865
all versions
Directory traversal vulnerability in ujcms 6.0.2 allows attackers to move files via the rename feature.
9.8 CRITICAL
CVE-2023-34747
all versions
File upload vulnerability in ujcms 6.0.2 via /api/backend/core/web-file-upload/upload.
9.8 CRITICAL
CVE-2023-3231
<= 6.0.2
A vulnerability has been found in UJCMS up to 6.0.2 and classified as problematic. This vulnerability affects unknown code of the
3.1 LOW
CVE-2023-24369
>= 4.1.3 and < 5.5.1
A cross-site scripting (XSS) vulnerability in UJCMS v4.1.3 allows attackers to execute arbitrary web scripts or HTML via injecting
6.1 MEDIUM
CVE-2022-28090
all versions
Jspxcms v10.2.0 allows attackers to execute a Server-Side Request Forgery (SSRF) via /cmscp/ext/collect/fetch_url.do?url=.
6.5 MEDIUM
CVE-2022-23329
all versions
A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJCMS Jspxcms v10.2.0 allows attackers to execute arbitrary co
9.8 CRITICAL
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin