| BDSA-2016-0961 |
|
High |
Nov 30, 2017 |
MeshCMS is an online editing system written in Java, and it is prone to a cross-site scripting (*XSS*) attack in the `echo.jsp` file.
This vulnerability exists because the user-supplied `fullsrc` parameter is not properly sanitized.
Note: This open source project seems to have been inactive since its last release (May 2011).
|
|
| BDSA-2016-0959 |
|
Medium |
Nov 30, 2017 |
MeshCMS is an online editing system written in Java, and it is prone to arbitrary code execution via an unrestricted file type upload vulnerability in `upload2.jsp`.
This vulnerability exists because dangerous user-supplied file types are not escaped.
Note: This open source project seems to have been inactive and unsupported since its last release (May 2011).
|
|
| BDSA-2016-0958 |
|
Medium |
Nov 30, 2017 |
MeshCMS is an online editing system written in Java, and it is prone to information disclosure due to a path traversal vulnerability in `DownloadServlet`.
This vulnerability exists because the user-supplied `filename` parameter is not sanitized.
Note: This open source project seems to have been inactive since its last release (May 2011).
|
|
| BDSA-2016-0789 |
|
Critical |
Nov 20, 2017 |
MeshCMS is a content management system (*CMS*) for web applications. A vulnerability in the package related to `staticexport2.jsp` enables an attacker to inject and execute commands remotely via a cross-site scripting (*XSS*) attack. This vulnerability can be exploited to gain access to confidential data such as a system's `/etc/passwd` file or database configurations. The arbitrary commands could also alter data on the system or disable it entirely. The vulnerability is possible because `exportCommand` incorrectly sanitizes its input.
|
|