cvebase

Xiweicheng Teamwork Management System vulnerabilities

3 known vulnerabilities affecting xiweicheng/teamwork_management_system.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, MEDIUM 1

Vulnerabilities

CVE-2026-1061 | P2 | CRITICAL | CVSS 9.8 | ≤ 2.28.0 | 2026-01-17
CWE-284. A vulnerability was detected in xiweicheng TMS up to 2.28.0. Affected by this issue is the function Upload of the file src/main/java/com/lhjz/portal/controller/FileController.java. The manipulation of the argument filename results in unrestricted upload. The attack may be performed from remote. The exploit is now public and may be used.
Source: nvd

CVE-2026-1062 | P3 | CRITICAL | CVSS 9.8 | ≤ 2.28.0 | 2026-01-17
CWE-918. A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the file src/main/java/com/lhjz/portal/util/HtmlUtil.java. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been published and may be used.
Source: nvd

CVE-2025-14801 | P4 | MEDIUM | CVSS 4.8 | ≤ 2.28.0 | 2025-12-17
CWE-79. A security vulnerability has been detected in xiweicheng TMS up to 2.28.0. This affects the function createComment of the file /admin/blog/comment/create. Such manipulation of the argument content leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The vendor was contacted e
Source: nvd