An issue was discovered in JEESNS 1.3. The XSS filter in com.lxinet.jeesns.core.utils.XssHttpServletRequestWrapper.java could be bypassed, as demonstrated by a <svg/onLoad=confirm substring. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-12429.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-10-02T18:00:00
Updated: 2024-08-05T11:01:14.391Z
Reserved: 2018-10-02T00:00:00
Link: CVE-2018-17886
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2018-10-02T18:29:02.913
Modified: 2018-11-16T21:12:06.973
Link: CVE-2018-17886
Redhat
No data.