GCVE - cpe:2.3:a:dromara:ujcms:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:dromara:ujcms:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Dromara (`b947c778-a342-54de-aeca-3412ce9a5af8`)
Product	Ujcms (`50f37838-318f-5cdd-a110-5d0bddc67282`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-2491`	vulnerable	2026-06-08 07:16:57.114017	Dromara ujcms Edit Template File Page WebFileTemplateController.java update cross site scripting LOW (2.4) A vulnerability classified as problematic has been found in Dromara ujcms 9.7.5. This affects the function update of the file /main/java/com/ujcms/cms/ext/web/backendapi/WebFileTemplateController.java of the component Edit Template File Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Published: 2025-03-18T14:31:03.965Z Updated: 2025-03-18T14:54:02.247Z Open on db.gcve.eu Reference links https://vuldb.com/?id.299997 https://vuldb.com/?ctiid.299997 https://vuldb.com/?submit.517269 https://github.com/dromara/ujcms/issues/14	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-2490`	vulnerable	2026-06-08 07:16:57.112393	Dromara ujcms File Upload WebFileUploadController.java upload cross site scripting LOW (2.4) A vulnerability was found in Dromara ujcms 9.7.5. It has been rated as problematic. Affected by this issue is the function uploadZip/upload of the file /main/java/com/ujcms/cms/ext/web/backendapi/WebFileUploadController.java of the component File Upload. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Published: 2025-03-18T14:00:07.337Z Updated: 2025-03-18T14:13:20.110Z Open on db.gcve.eu Reference links https://vuldb.com/?id.299996 https://vuldb.com/?ctiid.299996 https://vuldb.com/?submit.517267 https://github.com/dromara/ujcms/issues/12 https://github.com/dromara/ujcms/issues/13	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-12483`	vulnerable	2026-06-08 06:25:35.362461	Dromara UJCMS User ID id authorization LOW (3.7) A vulnerability classified as problematic has been found in Dromara UJCMS up to 9.6.3. This affects an unknown part of the file /users/id of the component User ID Handler. The manipulation leads to authorization bypass. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Published: 2024-12-11T20:00:15.323Z Updated: 2024-12-11T21:27:41.611Z Open on db.gcve.eu Reference links https://vuldb.com/?id.287865 https://vuldb.com/?ctiid.287865 https://vuldb.com/?submit.458895 https://github.com/cydtseng/Vulnerability-Research/blob/main/ujcms/IDOR-UsernameEnumeration.md	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.