Filtered by vendor Jeesns
Subscriptions
Filtered by product Jeesns
Subscriptions
Total
21 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-19178 | 1 Jeesns | 1 Jeesns | 2024-08-05 | N/A |
| In JEESNS 1.3, com/lxinet/jeesns/core/utils/XssHttpServletRequestWrapper.java allows stored XSS via an HTML EMBED element, a different vulnerability than CVE-2018-17886. | ||||
| CVE-2018-17886 | 1 Jeesns | 1 Jeesns | 2024-08-05 | N/A |
| An issue was discovered in JEESNS 1.3. The XSS filter in com.lxinet.jeesns.core.utils.XssHttpServletRequestWrapper.java could be bypassed, as demonstrated by a <svg/onLoad=confirm substring. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-12429. | ||||
| CVE-2018-12429 | 1 Jeesns | 1 Jeesns | 2024-08-05 | N/A |
| JEESNS through 1.2.1 allows XSS attacks by ordinary users who publish articles containing a crafted payload in order to capture an administrator cookie. | ||||
| CVE-2020-19291 | 1 Jeesns | 1 Jeesns | 2024-08-04 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the /weibo/publishdata component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted Weibo. | ||||
| CVE-2020-19288 | 1 Jeesns | 1 Jeesns | 2024-08-04 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the /localhost/u component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a private message. | ||||
| CVE-2020-19281 | 1 Jeesns | 1 Jeesns | 2024-08-04 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the /manage/loginusername component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username field. | ||||
| CVE-2020-19292 | 1 Jeesns | 1 Jeesns | 2024-08-04 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the /question/ask component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted question. | ||||
| CVE-2020-19289 | 1 Jeesns | 1 Jeesns | 2024-08-04 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the /member/picture/album component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the new album tab. | ||||
| CVE-2020-19286 | 1 Jeesns | 1 Jeesns | 2024-08-04 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the /question/detail component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the source field of the editor. | ||||
| CVE-2020-19290 | 1 Jeesns | 1 Jeesns | 2024-08-04 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the /weibo/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Weibo comment section. | ||||
| CVE-2020-19283 | 1 Jeesns | 1 Jeesns | 2024-08-04 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in the /newVersion component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML. | ||||
| CVE-2020-19280 | 1 Jeesns | 1 Jeesns | 2024-08-04 | 8.8 High |
| Jeesns 1.4.2 contains a cross-site request forgery (CSRF) which allows attackers to escalate privileges and perform sensitive program operations. | ||||
| CVE-2020-19284 | 1 Jeesns | 1 Jeesns | 2024-08-04 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the /group/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the group comments text field. | ||||
| CVE-2020-19282 | 1 Jeesns | 1 Jeesns | 2024-08-04 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field. | ||||
| CVE-2020-19287 | 1 Jeesns | 1 Jeesns | 2024-08-04 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the /group/post component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title. | ||||
| CVE-2020-19294 | 1 Jeesns | 1 Jeesns | 2024-08-04 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the /article/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the article comments section. | ||||
| CVE-2020-19285 | 1 Jeesns | 1 Jeesns | 2024-08-04 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the /group/apply component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Name text field. | ||||
| CVE-2020-19293 | 1 Jeesns | 1 Jeesns | 2024-08-04 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the /article/add component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted article. | ||||
| CVE-2020-19295 | 1 Jeesns | 1 Jeesns | 2024-08-04 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in the /weibo/topic component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML. | ||||
| CVE-2020-18035 | 1 Jeesns | 1 Jeesns | 2024-08-04 | 6.1 Medium |
| Cross Site Scripting (XSS) in Jeesns v1.4.2 allows remote attackers to execute arbitrary code by injecting commands into the "CKEditorFuncNum" parameter in the component "CkeditorUploadController.java". | ||||