Daytimeheaven

**Name of the Vulnerable Software and Affected Versions** westboy CicadasCMS versions up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab **Description** A weakness in the Task Scheduling Management Module allows for remote cross-site scripting (XSS), which is a technique where malicious scripts are injected into trusted websites. The issue exists within a function in the file `src/main/java/com/zhiliao/module/web/system/ScheduleJobController.java`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CordysCRM versions prior to 1.7.0 **Description** Cross site scripting can be initiated remotely via the manipulation of the `Description` argument within the `Save()` function of the `src/main/java/cn/cordys/crm/system/service/ModuleFormService.java` file, which is part of the `ModuleFormController` component. **Recommendations** Update to version 1.7.0.

**Name of the Vulnerable Software and Affected Versions** 1Panel-dev CordysCRM versions prior to 1.7.0 **Description** An issue exists in the file `backend/framework/src/main/java/cn/cordys/config/RequestParamTrimConfig.java` that allows for remote cross-site scripting (XSS), a technique where malicious scripts are injected into trusted websites. **Recommendations** Upgrade to version 1.7.0.

**Name of the Vulnerable Software and Affected Versions** OFCMS version 1.1.3 **Description** A SQL injection flaw exists in the JSON Query Interface of the software. This issue occurs within the `Query()` function located in the `ofcms-adminsrcmainjavacomofsoftcmsadmincontrollersystemSysUserController.java` file. A remote attacker can manipulate this function to execute unauthorized SQL commands. **Recommendations** As a temporary workaround, restrict access to the `Query()` function in the `SysUserController.java` file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OFCMS version 1.1.3 **Description** A SQL injection flaw exists in the JSON Query Interface component. The issue is located in the `Query()` function within the file `ofcms-adminsrcmainjavacomofsoftcmsadmincontrollersystemSystemParamController.java`. This flaw allows a remote attacker to manipulate queries via the system parameter controller. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the `Query()` function in the `SystemParamController.java` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OFCMS versions prior to 1.1.4 **Description** A security flaw allows remote attackers to perform SQL injection, which is a technique used to manipulate database queries. The issue exists within the `Query()` function of the `ComnController` component, specifically in the file ofcms-adminsrcmainjavacomofsoftcmsadmincontrollerComnController.java. The flaw is triggered by manipulating the `system.user.query` argument. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `Query()` function in the `ComnController` component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OFCMS version 1.1.3 **Description** An issue in the JSON Query Interface allows for remote SQL injection. This occurs within the `Query()` function located in the `ofcms-adminsrcmainjavacomofsoftcmsadmincontrollersystemSystemDictController.java` file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TaleLin lin-cms-spring-boot versions prior to 0.2.2 **Description** Improper access controls exist in the book endpoint within the file `src/main/java/io/github/talelin/latticy/controller/v1/BookController.java`. This issue allows a remote attacker to bypass security restrictions due to improper processing of requests. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Westboy CicadasCMS versions up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab **Description** A cross site scripting issue exists in the `Search()` function within the file org/springframework/cache/support/AbstractCacheManager.java. The flaw is triggered by the manipulation of the `s` argument, allowing for remote exploitation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.