Vulnerabilities > Jeesns

DATE CVE VULNERABILITY TITLE RISK
2021-09-09 CVE-2020-19290 Cross-site Scripting vulnerability in Jeesns 1.4.2
A stored cross-site scripting (XSS) vulnerability in the /weibo/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Weibo comment section.
network
jeesns CWE-79
3.5
2021-09-09 CVE-2020-19291 Cross-site Scripting vulnerability in Jeesns 1.4.2
A stored cross-site scripting (XSS) vulnerability in the /weibo/publishdata component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted Weibo.
network
jeesns CWE-79
3.5
2021-09-09 CVE-2020-19292 Cross-site Scripting vulnerability in Jeesns 1.4.2
A stored cross-site scripting (XSS) vulnerability in the /question/ask component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted question.
network
jeesns CWE-79
3.5
2021-09-09 CVE-2020-19293 Cross-site Scripting vulnerability in Jeesns 1.4.2
A stored cross-site scripting (XSS) vulnerability in the /article/add component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted article.
network
jeesns CWE-79
3.5
2021-09-09 CVE-2020-19294 Cross-site Scripting vulnerability in Jeesns 1.4.2
A stored cross-site scripting (XSS) vulnerability in the /article/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the article comments section.
network
jeesns CWE-79
3.5
2021-09-09 CVE-2020-19295 Cross-site Scripting vulnerability in Jeesns 1.4.2
A reflected cross-site scripting (XSS) vulnerability in the /weibo/topic component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML.
network
jeesns CWE-79
4.3
2021-04-29 CVE-2020-18035 Cross-site Scripting vulnerability in Jeesns 1.4.2
Cross Site Scripting (XSS) in Jeesns v1.4.2 allows remote attackers to execute arbitrary code by injecting commands into the "CKEditorFuncNum" parameter in the component "CkeditorUploadController.java".
network
jeesns CWE-79
4.3
2018-11-11 CVE-2018-19178 Cross-site Scripting vulnerability in Jeesns 1.3
In JEESNS 1.3, com/lxinet/jeesns/core/utils/XssHttpServletRequestWrapper.java allows stored XSS via an HTML EMBED element, a different vulnerability than CVE-2018-17886.
network
jeesns CWE-79
3.5
2018-10-02 CVE-2018-17886 Cross-site Scripting vulnerability in Jeesns 1.3
An issue was discovered in JEESNS 1.3.
network
jeesns CWE-79
3.5
2018-07-18 CVE-2018-12429 Cross-site Scripting vulnerability in Jeesns 1.2.1
JEESNS through 1.2.1 allows XSS attacks by ordinary users who publish articles containing a crafted payload in order to capture an administrator cookie.
network
jeesns CWE-79
3.5