cbcvebase.

E-Excellence Inc U-Office Force vulnerabilities

7 known vulnerabilities affecting e-excellence_inc/u-office_force.

Total CVEs
7
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM7

Vulnerabilities

Page 1 of 1
CVE-2022-39022P3MEDIUMCVSS 6.5≥ unspecified, ≤ 20.50.7821D Build:202104sp12022-10-31
CVE-2022-39022 [MEDIUM] CWE-22 CVE-2022-39022: U-Office Force Download function has a path traversal vulnerability. A remote attacker with general U-Office Force Download function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to download arbitrary system file.
nvd
CVE-2022-39023P3MEDIUMCVSS 6.5≥ unspecified, ≤ 20.50.7821D Build:202104sp12022-10-31
CVE-2022-39023 [MEDIUM] CWE-22 CVE-2022-39023: U-Office Force Download function has a path traversal vulnerability. A remote attacker with general U-Office Force Download function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to download arbitrary system file.
nvd
CVE-2022-39021P4MEDIUMCVSS 6.1≥ unspecified, ≤ 20.50.7821D Build:202104sp12022-10-31
CVE-2022-39021 [MEDIUM] CWE-601 CVE-2022-39021: U-Office Force login function has an Open Redirect vulnerability. An unauthenticated remote attacker U-Office Force login function has an Open Redirect vulnerability. An unauthenticated remote attacker can exploit this vulnerability to redirect user to arbitrary website.
nvd
CVE-2022-39025P4MEDIUMCVSS 6.1≥ unspecified, ≤ 20.50.7821D Build:202104sp12022-10-31
CVE-2022-39025 [MEDIUM] CWE-79 CVE-2022-39025: U-Office Force PrintMessage function has insufficient filtering for special characters. An unauthent U-Office Force PrintMessage function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript and perform XSS (Reflected Cross-Site Scripting) attack.
nvd
CVE-2022-39024P4MEDIUMCVSS 6.1≥ unspecified, ≤ 20.50.7821D Build:202104sp12022-10-31
CVE-2022-39024 [MEDIUM] CWE-79 CVE-2022-39024: U-Office Force Bulletin function has insufficient filtering for special characters. An unauthenticat U-Office Force Bulletin function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript and perform XSS (Reflected Cross-Site Scripting) attack.
nvd
CVE-2022-39027P4MEDIUMCVSS 5.4≥ unspecified, ≤ 20.50.7821D Build:202104sp12022-10-31
CVE-2022-39027 [MEDIUM] CWE-79 CVE-2022-39027: U-Office Force Forum function has insufficient filtering for special characters. A remote attacker w U-Office Force Forum function has insufficient filtering for special characters. A remote attacker with general user privilege can inject JavaScript and perform XSS (Stored Cross-Site Scripting) attack.
nvd
CVE-2022-39026P4MEDIUMCVSS 5.4≥ unspecified, ≤ 20.50.7821D Build:202104sp12022-10-31
CVE-2022-39026 [MEDIUM] CWE-79 CVE-2022-39026: U-Office Force UserDefault page has insufficient filtering for special characters in the HTTP header U-Office Force UserDefault page has insufficient filtering for special characters in the HTTP header fields. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform XSS (Stored Cross-Site Scripting) attack.
nvd
E-Excellence Inc U-Office Force vulnerabilities | cvebase