Vulnerabilities > Jeecg

DATE CVE VULNERABILITY TITLE RISK
2022-03-10 CVE-2021-44585 Cross-site Scripting vulnerability in Jeecg Boot 3.0
A Cross Site Scripting (XSS) vulnerabilitiy exits in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event.
network
low complexity
jeecg CWE-79
6.1
2022-02-16 CVE-2022-22880 SQL Injection vulnerability in Jeecg Boot 2.3/3.0
Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /jeecg-boot/sys/user/queryUserByDepId.
network
low complexity
jeecg CWE-89
critical
9.8
2022-02-16 CVE-2022-22881 SQL Injection vulnerability in Jeecg Boot 2.3/3.0
Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /sys/user/queryUserComponentData.
network
low complexity
jeecg CWE-89
critical
9.8
2022-01-25 CVE-2021-46089 SQL Injection vulnerability in Jeecg Boot 3.0
In JeecgBoot 3.0, there is a SQL injection vulnerability that can operate the database with root privileges.
network
low complexity
jeecg CWE-89
critical
9.8
2021-12-27 CVE-2020-20948 Exposure of Resource to Wrong Sphere vulnerability in Jeecg 3.8
An arbitrary file download vulnerability in jeecg v3.8 allows attackers to access sensitive files via modification of the "localPath" variable.
network
low complexity
jeecg CWE-668
7.5
2021-08-06 CVE-2020-28087 SQL Injection vulnerability in Jeecg Boot 2.3
A SQL injection vulnerability in /jeecg boot/sys/dict/loadtreedata of jeecg-boot CMS 2.3 allows attackers to access sensitive database information.
network
low complexity
jeecg CWE-89
7.5
2021-08-06 CVE-2020-28088 Unrestricted Upload of File with Dangerous Type vulnerability in Jeecg Boot 2.3
An arbitrary file upload vulnerability in /jeecg-boot/sys/common/upload of jeecg-boot CMS 2.3 allows attackers to execute arbitrary code.
network
low complexity
jeecg CWE-434
critical
9.8