Vulnerabilities > Jeesns > Jeesns > 1.4.2

DATE CVE VULNERABILITY TITLE RISK
2021-09-09 CVE-2020-19290 Cross-site Scripting vulnerability in Jeesns 1.4.2
A stored cross-site scripting (XSS) vulnerability in the /weibo/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Weibo comment section.
network
jeesns CWE-79
3.5
3.5
2021-09-09 CVE-2020-19291 Cross-site Scripting vulnerability in Jeesns 1.4.2
A stored cross-site scripting (XSS) vulnerability in the /weibo/publishdata component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted Weibo.
network
jeesns CWE-79
3.5
3.5
2021-09-09 CVE-2020-19292 Cross-site Scripting vulnerability in Jeesns 1.4.2
A stored cross-site scripting (XSS) vulnerability in the /question/ask component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted question.
network
jeesns CWE-79
3.5
3.5
2021-09-09 CVE-2020-19293 Cross-site Scripting vulnerability in Jeesns 1.4.2
A stored cross-site scripting (XSS) vulnerability in the /article/add component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted article.
network
jeesns CWE-79
3.5
3.5
2021-09-09 CVE-2020-19294 Cross-site Scripting vulnerability in Jeesns 1.4.2
A stored cross-site scripting (XSS) vulnerability in the /article/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the article comments section.
network
jeesns CWE-79
3.5
3.5
2021-09-09 CVE-2020-19295 Cross-site Scripting vulnerability in Jeesns 1.4.2
A reflected cross-site scripting (XSS) vulnerability in the /weibo/topic component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML.
network
jeesns CWE-79
4.3
4.3
2021-04-29 CVE-2020-18035 Cross-site Scripting vulnerability in Jeesns 1.4.2
Cross Site Scripting (XSS) in Jeesns v1.4.2 allows remote attackers to execute arbitrary code by injecting commands into the "CKEditorFuncNum" parameter in the component "CkeditorUploadController.java".
network
jeesns CWE-79
4.3
4.3