Vulnerabilities > Jeesns > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-09 | CVE-2020-19284 | Cross-site Scripting vulnerability in Jeesns 1.4.2 A stored cross-site scripting (XSS) vulnerability in the /group/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the group comments text field. | 3.5 |
| 2021-09-09 | CVE-2020-19281 | Cross-site Scripting vulnerability in Jeesns 1.4.2 A stored cross-site scripting (XSS) vulnerability in the /manage/loginusername component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username field. | 3.5 |
| 2018-11-11 | CVE-2018-19178 | Cross-site Scripting vulnerability in Jeesns 1.3 In JEESNS 1.3, com/lxinet/jeesns/core/utils/XssHttpServletRequestWrapper.java allows stored XSS via an HTML EMBED element, a different vulnerability than CVE-2018-17886. | 3.5 |
| 2018-10-02 | CVE-2018-17886 | Cross-site Scripting vulnerability in Jeesns 1.3 An issue was discovered in JEESNS 1.3. | 3.5 |
| 2018-07-18 | CVE-2018-12429 | Cross-site Scripting vulnerability in Jeesns 1.2.1 JEESNS through 1.2.1 allows XSS attacks by ordinary users who publish articles containing a crafted payload in order to capture an administrator cookie. | 3.5 |