Vulnerabilities > Jpress

DATE CVE VULNERABILITY TITLE RISK
2022-01-13 CVE-2021-45806 Code Injection vulnerability in Jpress 4.2.0
jpress v4.2.0 admin panel provides a function through which attackers can modify the template and inject some malicious code.
network
low complexity
jpress CWE-94
8.8
2021-06-18 CVE-2021-33347 Cross-site Scripting vulnerability in Jpress
An issue was discovered in JPress v3.3.0 and below.
network
low complexity
jpress CWE-79
5.4
2019-01-14 CVE-2019-6278 Cross-site Scripting vulnerability in Jpress 1.0.4
XSS exists in JPress v1.0.4 via Markdown input, or Markdown input with the code input option.
network
low complexity
jpress CWE-79
5.4
2018-11-11 CVE-2018-19170 Cross-site Scripting vulnerability in Jpress 1.0
In JPress v1.0-rc.5, there is stored XSS via each of the first three input fields to the starter-tomcat-1.0/admin/setting URI, as demonstrated by the web_name parameter.
network
low complexity
jpress CWE-79
4.8