SecAlerts
CVE ListPricingSign Up
ujcms logo

ujcms

Security Risk Profile

51
/100
medium

Security Risk Score

Comprehensive risk assessment based on 20 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from February 4, 2022 to present

20
Total CVEs
8
Critical+High
1
Exploited
8
Unpatched

Threat Assessment

Avg CVSS
7
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
8
Critical/High
Risk Level
51/100
medium
⚠️ 1 Active Exploits

Severity Distribution

Critical
6
High
2
Medium
12
Low
0

Exploit Likelihood

>50% chance
0
20-50%
0
5-20%
0
<5%
6

Age Distribution

Common Weaknesses (CWE)

1
XSS
7
2
Malicious File Upload
3
3
Path Traversal
2
4
Code Injection
2
5
CSRF
1

Most Affected Products

1. UJCMS UJCMS11
2. Ujcms Ujcms6
3. Ujcms Jspxcms6
4. Dromara ujcms4
5. Jspxcms Jspxcms1

Recent Vulnerabilities

See more →
CVE-2026-2954
CVSS 9.8EPSS 0%critical

Dromara UJCMS ImportDataController import-channel importChanel injection

2/22/2026🔧 No Patch
CVE-2026-2953
CVSS 9.1EPSS 0%critical

Dromara UJCMS Template WebFileTemplateController.delete deleteDirectory path traversal

2/22/2026🔧 No Patch
CVE-2025-2491
CVSS 5.4medium

Dromara ujcms Edit Template File Page WebFileTemplateController.java update cross site scripting

3/18/2025🔧 No Patch
CVE-2025-2490
CVSS 5.4medium

Dromara ujcms File Upload WebFileUploadController.java upload cross site scripting

3/18/2025🔧 No Patch
CVE-2025-25772
CVSS 5.1EPSS 0%medium
2/21/2025🔧 No Patch
CVE-2024-55452
CVSS 5.4medium
12/16/2024🔧 No Patch
CVE-2024-55451
CVSS 4.8medium
12/16/2024🔧 No Patch
CVE-2024-12483
CVSS 6.3medium

Dromara UJCMS User ID id authorization

12/11/2024⚠ Exploited🔧 No Patch
CVE-2024-1257
CVSS 6.1EPSS 0%medium

Jspxcms find_text.do cross site scripting

2/6/2024🔧 No Patch
CVE-2024-1256
CVSS 4.3EPSS 0%medium

Jspxcms filter_text.do cross site scripting

2/6/2024🔧 No Patch

Monitor ujcms in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
Powered bySecAlerts

Monitor Your Software Stack in Real-Time

Get instant alerts when vulnerabilities are discovered in your software stack. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
AboutNewsDocumentationTermsContact

© 2026 SecAlerts Pty Ltd. All rights reserved.