Vulnerabilities > Jeesns > Jeesns > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-09 | CVE-2020-19280 | Cross-Site Request Forgery (CSRF) vulnerability in Jeesns 1.4.2 Jeesns 1.4.2 contains a cross-site request forgery (CSRF) which allows attackers to escalate privileges and perform sensitive program operations. | 6.8 |
| 2021-09-09 | CVE-2020-19282 | Cross-site Scripting vulnerability in Jeesns 1.4.2 A reflected cross-site scripting (XSS) vulnerability in Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field. | 4.3 |
| 2021-09-09 | CVE-2020-19283 | Cross-site Scripting vulnerability in Jeesns 1.4.2 A reflected cross-site scripting (XSS) vulnerability in the /newVersion component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML. | 4.3 |
| 2021-09-09 | CVE-2020-19295 | Cross-site Scripting vulnerability in Jeesns 1.4.2 A reflected cross-site scripting (XSS) vulnerability in the /weibo/topic component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML. | 4.3 |
| 2021-04-29 | CVE-2020-18035 | Cross-site Scripting vulnerability in Jeesns 1.4.2 Cross Site Scripting (XSS) in Jeesns v1.4.2 allows remote attackers to execute arbitrary code by injecting commands into the "CKEditorFuncNum" parameter in the component "CkeditorUploadController.java". | 4.3 |