CVE-2025-2490 | Dromara ujcms 9.7.5 File Upload WebFileUploadController.java uploadZip/upload Cross site scripting (12/13)
A vulnerability was found in Dromara ujcms 9.7.5. It has been rated as problematic. Affected by this issue is the function uploadZip/upload of the file /main/java/com/ujcms/cms/ext/web/backendapi/WebFileUploadController.java of the component File Upload. The manipulation leads to Cross site scripting.
This vulnerability is handled as CVE-2025-2490. The attack may be launched remotely. Furthermore, there is an exploit available.