CVE-2025-2490

Sažetak

A vulnerability was found in Dromara ujcms 9.7.5. It has been rated as problematic. Affected by this issue is the function uploadZip/upload of the file /main/java/com/ujcms/cms/ext/web/backendapi/WebFileUploadController.java of the component File Upload. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Reference

https://github.com/dromara/ujcms/issues/12
https://github.com/dromara/ujcms/issues/13
https://vuldb.com/?ctiid.299996
https://vuldb.com/?id.299996
https://vuldb.com/?submit.517267

CVSS

Base:	3.3
Impact:	2.9
Exploitability:	6.4

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	MULTIPLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:M/C:N/I:P/A:N

Zadnje važnije ažuriranje

18-03-2025 - 14:15

Objavljeno

18-03-2025 - 14:15