Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A URL redirection vulnerability exists in UJCMS 9.6.3 due to improper validation of URLs in the upload and rendering of new block / carousel items. This vulnerability allows authenticated attackers to redirect unprivileged users to an arbitrary, attacker-controlled webpage. When an authenticated user clicks on the malicious block item, they are redirected to the arbitrary untrusted domains, where sensitive tokens, such as JSON Web Tokens, can be stolen via a crafted webpage.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
UJCMS 安全漏洞
Vulnerability Description
UJCMS是dromara开源的一个 Java 开源内容管理系统。 UJCMS 9.6.3版本存在安全漏洞,该漏洞源于对URL验证不当,存在URL重定向漏洞,允许经过身份验证的攻击者将非特权用户重定向到攻击者控制的任意网页。
CVSS Information
N/A
Vulnerability Type
N/A