N/A

A URL redirection vulnerability exists in UJCMS 9.6.3 due to improper validation of URLs in the upload and rendering of new block / carousel items. This vulnerability allows authenticated attackers to redirect unprivileged users to an arbitrary, attacker-controlled webpage. When an authenticated user clicks on the malicious block item, they are redirected to the arbitrary untrusted domains, where sensitive tokens, such as JSON Web Tokens, can be stolen via a crafted webpage.

N/A

N/A

UJCMS 安全漏洞

UJCMS是dromara开源的一个 Java 开源内容管理系统。 UJCMS 9.6.3版本存在安全漏洞，该漏洞源于对URL验证不当，存在URL重定向漏洞，允许经过身份验证的攻击者将非特权用户重定向到攻击者控制的任意网页。

N/A

N/A