{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1062", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-01-16T19:09:14.916Z", "datePublished": "2026-01-17T19:32:05.562Z", "dateUpdated": "2026-02-23T08:34:02.810Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T08:34:02.810Z"}, "title": "xiweicheng TMS HtmlUtil.java summary server-side request forgery", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-918", "lang": "en", "description": "Server-Side Request Forgery"}]}], "affected": [{"vendor": "xiweicheng", "product": "TMS", "versions": [{"version": "2.0", "status": "affected"}, {"version": "2.1", "status": "affected"}, {"version": "2.2", "status": "affected"}, {"version": "2.3", "status": "affected"}, {"version": "2.4", "status": "affected"}, {"version": "2.5", "status": "affected"}, {"version": "2.6", "status": "affected"}, {"version": "2.7", "status": "affected"}, {"version": "2.8", "status": "affected"}, {"version": "2.9", "status": "affected"}, {"version": "2.10", "status": "affected"}, {"version": "2.11", "status": "affected"}, {"version": "2.12", "status": "affected"}, {"version": "2.13", "status": "affected"}, {"version": "2.14", "status": "affected"}, {"version": "2.15", "status": "affected"}, {"version": "2.16", "status": "affected"}, {"version": "2.17", "status": "affected"}, {"version": "2.18", "status": "affected"}, {"version": "2.19", "status": "affected"}, {"version": "2.20", "status": "affected"}, {"version": "2.21", "status": "affected"}, {"version": "2.22", "status": "affected"}, {"version": "2.23", "status": "affected"}, {"version": "2.24", "status": "affected"}, {"version": "2.25", "status": "affected"}, {"version": "2.26", "status": "affected"}, {"version": "2.27", "status": "affected"}, {"version": "2.28.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the file src/main/java/com/lhjz/portal/util/HtmlUtil.java. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been published and may be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-01-16T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-01-16T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-01-18T00:39:03.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "youran (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.341630", "name": "VDB-341630 | xiweicheng TMS HtmlUtil.java summary server-side request forgery", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.341630", "name": "VDB-341630 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.731241", "name": "Submit #731241 | https://gitee.com/xiweicheng/tms/ Merchant Mall - Mall Development/TMS 1.0 Server-Side Request Forgery", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/?submit.731242", "name": "Submit #731242 | https://gitee.com/xiweicheng/tms/ Merchant Mall - Mall Development/TMS 1.0 Server-Side Request Forgery (Duplicate)", "tags": ["third-party-advisory"]}, {"url": "https://github.com/bkglfpp/CVE-md/blob/main/%E5%95%86%E6%88%B7%E5%95%86%E5%9F%8E%E2%80%94%E5%95%86%E5%9F%8E%E5%BC%80%E5%8F%91tms/SSRF%EF%BC%881%EF%BC%89.md", "tags": ["related"]}, {"url": "https://github.com/bkglfpp/CVE-md/blob/main/%E5%95%86%E6%88%B7%E5%95%86%E5%9F%8E%E2%80%94%E5%95%86%E5%9F%8E%E5%BC%80%E5%8F%91tms/SSRF%EF%BC%882%EF%BC%89.md", "tags": ["exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-21T16:30:17.535390Z", "id": "CVE-2026-1062", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-21T16:30:25.721Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1062", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-21T16:30:17.535390Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-21T16:30:21.431Z"}}], "cna": {"title": "xiweicheng TMS HtmlUtil.java summary server-side request forgery", "credits": [{"lang": "en", "type": "reporter", "value": "youran (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "xiweicheng", "product": "TMS", "versions": [{"status": "affected", "version": "2.0"}, {"status": "affected", "version": "2.1"}, {"status": "affected", "version": "2.2"}, {"status": "affected", "version": "2.3"}, {"status": "affected", "version": "2.4"}, {"status": "affected", "version": "2.5"}, {"status": "affected", "version": "2.6"}, {"status": "affected", "version": "2.7"}, {"status": "affected", "version": "2.8"}, {"status": "affected", "version": "2.9"}, {"status": "affected", "version": "2.10"}, {"status": "affected", "version": "2.11"}, {"status": "affected", "version": "2.12"}, {"status": "affected", "version": "2.13"}, {"status": "affected", "version": "2.14"}, {"status": "affected", "version": "2.15"}, {"status": "affected", "version": "2.16"}, {"status": "affected", "version": "2.17"}, {"status": "affected", "version": "2.18"}, {"status": "affected", "version": "2.19"}, {"status": "affected", "version": "2.20"}, {"status": "affected", "version": "2.21"}, {"status": "affected", "version": "2.22"}, {"status": "affected", "version": "2.23"}, {"status": "affected", "version": "2.24"}, {"status": "affected", "version": "2.25"}, {"status": "affected", "version": "2.26"}, {"status": "affected", "version": "2.27"}, {"status": "affected", "version": "2.28.0"}]}], "timeline": [{"lang": "en", "time": "2026-01-16T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-01-16T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-01-18T00:39:03.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.341630", "name": "VDB-341630 | xiweicheng TMS HtmlUtil.java summary server-side request forgery", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.341630", "name": "VDB-341630 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.731241", "name": "Submit #731241 | https://gitee.com/xiweicheng/tms/ Merchant Mall - Mall Development/TMS 1.0 Server-Side Request Forgery", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/?submit.731242", "name": "Submit #731242 | https://gitee.com/xiweicheng/tms/ Merchant Mall - Mall Development/TMS 1.0 Server-Side Request Forgery (Duplicate)", "tags": ["third-party-advisory"]}, {"url": "https://github.com/bkglfpp/CVE-md/blob/main/%E5%95%86%E6%88%B7%E5%95%86%E5%9F%8E%E2%80%94%E5%95%86%E5%9F%8E%E5%BC%80%E5%8F%91tms/SSRF%EF%BC%881%EF%BC%89.md", "tags": ["related"]}, {"url": "https://github.com/bkglfpp/CVE-md/blob/main/%E5%95%86%E6%88%B7%E5%95%86%E5%9F%8E%E2%80%94%E5%95%86%E5%9F%8E%E5%BC%80%E5%8F%91tms/SSRF%EF%BC%882%EF%BC%89.md", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the file src/main/java/com/lhjz/portal/util/HtmlUtil.java. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been published and may be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "Server-Side Request Forgery"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T08:34:02.810Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1062", "state": "PUBLISHED", "dateUpdated": "2026-02-23T08:34:02.810Z", "dateReserved": "2026-01-16T19:09:14.916Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-01-17T19:32:05.562Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xiweicheng:teamwork_management_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "836FAB89-E919-491F-B9A9-E0B41BB67E77", "versionEndIncluding": "2.28.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the file src/main/java/com/lhjz/portal/util/HtmlUtil.java. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been published and may be used."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad en xiweicheng TMS hasta la versi\u00f3n 2.28.0. Esto afecta a la funci\u00f3n Summary del archivo src/main/java/com/lhjz/portal/util/HtmlUtil.java. Esta manipulaci\u00f3n del argumento url provoca falsificaci\u00f3n de petici\u00f3n del lado del servidor. Es posible iniciar el ataque remotamente. El exploit ha sido publicado y puede ser utilizado."}], "id": "CVE-2026-1062", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.1, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-01-17T20:15:53.740", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/bkglfpp/CVE-md/blob/main/%E5%95%86%E6%88%B7%E5%95%86%E5%9F%8E%E2%80%94%E5%95%86%E5%9F%8E%E5%BC%80%E5%8F%91tms/SSRF%EF%BC%881%EF%BC%89.md"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/bkglfpp/CVE-md/blob/main/%E5%95%86%E6%88%B7%E5%95%86%E5%9F%8E%E2%80%94%E5%95%86%E5%9F%8E%E5%BC%80%E5%8F%91tms/SSRF%EF%BC%882%EF%BC%89.md"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.341630"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.341630"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.731241"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.731242"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T05:33:19.352375+00:00", "value": {"mitigation_remediation": ["Upgrade xiweicheng TMS to a version newer than 2.28.0.", "Restrict the Summary function or block outbound HTTP requests from the application to only trusted hosts.", "Apply network segmentation or firewall rules to prevent the server from reaching internal resources that should be inaccessible.", "Monitor outbound traffic for suspicious requests and validate URL inputs to mitigate potential exploitation."], "summary": {"action": "Immediate Patch", "impact": "Remote Server\u2011Side Request Forgery"}, "threat_synthesis": {"affected_systems": "xiweicheng Teamwork Management System (TMS) versions up to 2.28.0 are affected. The vulnerability originates in the src/main/java/com/lhjz/portal/util/HtmlUtil.java file. No specific sub\u2011components beyond the TMS platform are mentioned, and the impact applies to any deployment of the mentioned versions.", "description_and_impact": "A flaw in the Summary method of the HtmlUtil class permits manipulation of the URL argument, enabling a server\u2011side request forgery vulnerability. By supplying a crafted URL, an attacker can cause the application to send arbitrary requests from the server, potentially accessing internal resources or facilitating further compromise. The weakness is identified as CWE\u2011918, and the vendor has documented the issue for all releases up to version 2.28.0.", "risk_and_exploitability": "CVSS score 5.3 indicates a moderate severity. The EPSS score is below 1%, suggesting low current exploitation probability, but the exploit has been published and can be triggered remotely. The vulnerability is not listed in CISA\u2019s KEV catalog. Attackers could leverage SSRF to reach internal services, exfiltrate data, or pivot to further attacks, especially if the application\u2019s network is not adequately segmented."}}}}, "created": "2026-01-19T09:19:02.723494+00:00", "updated": "2026-04-18T05:45:38.164414+00:00", "vendors": ["xiweicheng", "xiweicheng$PRODUCT$tms"]}