Vulnerabilities > Jeesns
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-09 | CVE-2020-19289 | Cross-site Scripting vulnerability in Jeesns 1.4.2 A stored cross-site scripting (XSS) vulnerability in the /member/picture/album component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the new album tab. | 5.4 |
| 2021-09-09 | CVE-2020-19290 | Cross-site Scripting vulnerability in Jeesns 1.4.2 A stored cross-site scripting (XSS) vulnerability in the /weibo/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Weibo comment section. | 5.4 |
| 2021-09-09 | CVE-2020-19291 | Cross-site Scripting vulnerability in Jeesns 1.4.2 A stored cross-site scripting (XSS) vulnerability in the /weibo/publishdata component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted Weibo. | 5.4 |
| 2021-09-09 | CVE-2020-19292 | Cross-site Scripting vulnerability in Jeesns 1.4.2 A stored cross-site scripting (XSS) vulnerability in the /question/ask component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted question. | 5.4 |
| 2021-09-09 | CVE-2020-19293 | Cross-site Scripting vulnerability in Jeesns 1.4.2 A stored cross-site scripting (XSS) vulnerability in the /article/add component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted article. | 5.4 |
| 2021-09-09 | CVE-2020-19294 | Cross-site Scripting vulnerability in Jeesns 1.4.2 A stored cross-site scripting (XSS) vulnerability in the /article/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the article comments section. | 5.4 |
| 2021-09-09 | CVE-2020-19295 | Cross-site Scripting vulnerability in Jeesns 1.4.2 A reflected cross-site scripting (XSS) vulnerability in the /weibo/topic component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML. | 6.1 |
| 2021-04-29 | CVE-2020-18035 | Cross-site Scripting vulnerability in Jeesns 1.4.2 Cross Site Scripting (XSS) in Jeesns v1.4.2 allows remote attackers to execute arbitrary code by injecting commands into the "CKEditorFuncNum" parameter in the component "CkeditorUploadController.java". | 6.1 |
| 2018-11-11 | CVE-2018-19178 | Cross-site Scripting vulnerability in Jeesns 1.3 In JEESNS 1.3, com/lxinet/jeesns/core/utils/XssHttpServletRequestWrapper.java allows stored XSS via an HTML EMBED element, a different vulnerability than CVE-2018-17886. | 5.4 |
| 2018-10-02 | CVE-2018-17886 | Cross-site Scripting vulnerability in Jeesns 1.3 An issue was discovered in JEESNS 1.3. | 5.4 |