Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

PublicCMS — Vulnerabilities & Security Advisories 15

All 15 CVE vulnerabilities found in PublicCMS, with AI-generated Chinese analysis, references, and POCs.

This page documents security weaknesses associated with the PublicCMS open-source content management system. It serves as a centralized resource for tracking known vulnerabilities reported in public databases and vendor advisories related to this specific Java-based web application. The collection focuses on various vulnerability classes including cross-site scripting, SQL injection, remote code execution, and improper access control issues found within the PublicCMS software suite. The data spans from the product's initial public releases through recent updates, capturing the historical evolution of security flaws discovered by independent researchers, security firms, and the official vendor. This time range ensures a comprehensive view of how vulnerabilities have been identified, disclosed, and remediated over the years. Visitors to this page can track the vendor’s security advisories to understand the timeline of disclosed issues and the pace of patch deployment. Users may also explore the distribution of weakness classes to understand the most common attack surfaces within the codebase. Furthermore, developers and security auditors can look up the specific vulnerability history of PublicCMS to assess risk exposure in their own environments. By aggregating these details, the page provides context for evaluating the overall security posture of the software, helping stakeholders make informed decisions about upgrading, patching, or replacing the system based on its track record of maintaining stability and addressing critical flaws.

Vendor: sanluan

CVE IDTitleCVSSSeverityPublished
CVE-2026-8740 Sanluan PublicCMS templateResult API TemplateResultDirective.java execute special elements used in a template engine CWE-1336 6.3 Medium2026-05-17
CVE-2026-8739 Sanluan PublicCMS SafeConfigComponent.java getSignKey hard-coded key CWE-321 5.3 Medium2026-05-17
CVE-2026-8738 Sanluan PublicCMS Trade Payment Flow TradeOrderController.java AccountGatewayComponent.pay logic error CWE-840 6.5 Medium2026-05-17
CVE-2026-8737 Sanluan PublicCMS Trade Address Query TradeAddressListDirective.java execute missing authentication CWE-306 5.3 Medium2026-05-17
CVE-2026-6797 Sanluan PublicCMS DocToHtmlUtils.java ZipSecureFile.setMinflateRatio resource consumption CWE-400 4.3 Medium2026-04-21
CVE-2026-6796 Sanluan PublicCMS Failed Login LoginAdminController.java log_login cleartext storage in file CWE-313 4.3 Medium2026-04-21
CVE-2026-5987 Sanluan PublicCMS FreeMarker Template AbstractFreemarkerView.java AbstractFreemarkerView.doRender special elements used in a template engine CWE-1336 4.7 Medium2026-04-09
CVE-2026-3289 Sanluan PublicCMS Template Cache Generation TemplateCacheComponent.java saveMetadata path traversal CWE-22 6.3 Medium2026-02-27
CVE-2026-2010 Sanluan PublicCMS Trade Payment TradePaymentService.java paid improper authorization CWE-285 4.2 Medium2026-02-06
CVE-2026-1112 Sanluan PublicCMS Trade Address Deletion Endpoint TradeAddressController.java delete improper authorization CWE-285 5.4 Medium2026-01-18
CVE-2026-1111 Sanluan PublicCMS Task Template Management TaskTemplateAdminController.java save path traversal CWE-22 4.7 Medium2026-01-18
CVE-2025-7953 Sanluan PublicCMS viewer.html redirect CWE-601 3.5 Low2025-07-22
CVE-2025-7949 Sanluan PublicCMS preview.html redirect CWE-601 3.5 Low2025-07-22
CVE-2024-11070 Sanluan PublicCMS Tag Type save cross site scripting CWE-79 3.5 Low2024-11-11
CVE-2022-3950 sanluan PublicCMS Tab dwz.min.js initLink cross site scripting CWE-707 3.5 Low2022-11-11

All 15 known CVE vulnerabilities affecting PublicCMS with full Chinese analysis, references, and POCs where available.