Vulnerabilities > Jpress

DATE CVE VULNERABILITY TITLE RISK
2021-06-18 CVE-2021-33347 Cross-site Scripting vulnerability in Jpress 1.0/1.0.4
An issue was discovered in JPress v3.3.0 and below.
network
jpress CWE-79
3.5
2019-01-14 CVE-2019-6278 Cross-site Scripting vulnerability in Jpress 1.0.4
XSS exists in JPress v1.0.4 via Markdown input, or Markdown input with the code input option.
network
jpress CWE-79
3.5
2018-11-11 CVE-2018-19170 Cross-site Scripting vulnerability in Jpress 1.0
In JPress v1.0-rc.5, there is stored XSS via each of the first three input fields to the starter-tomcat-1.0/admin/setting URI, as demonstrated by the web_name parameter.
network
jpress CWE-79
3.5