95 matches found
CVE-2020-20799
The provided connected documents confirm a stored cross-site scripting (XSS) vulnerability in JeeCMS 1.0.1, allowing an attacker to execute arbitrary web scripts or HTML via a crafted payload in the commentText parameter. The CVE description consistently describes this issue as JeeCMS 1.0.1’s lac...
CVE-2020-20799
JeeCMS 1.0.1 contains a stored cross-site scripting XSS vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the commentText parameter...
JeeCMS 跨站脚本漏洞
Jeecms is a content management system CMS developed in Java by China's Jinlei Technology Development Jeecms Company. A cross-site scripting vulnerability exists in JeeCMS version 1.0, which stems from the software's lack of effective filtering and validation of the commentText parameter. This...
Jeecms background exists arbitrary file download vulnerability
jeecms is a content management system developed by Jiangxi Jinlei Technology Development Co., Ltd. that supports WeChat applets, WeChat public/service numbers, column models, content model cross-customization, and content e-commerce with payment and financial settlement. jeecms background exists...
Stored Cross-Site Scripting Vulnerability in jeecms
jeecms is Jiangxi Jinlei Technology Development Co., Ltd. developed a support for WeChat small program, WeChat public number / service number, column model, content model cross-customization, as well as with payment and financial settlement of the content of the e-commerce as one of the content...
XSS vulnerability in jeecms
jeecms is Jiangxi Jinlei Technology Development Co., Ltd. developed a support for WeChat small program, WeChat public number / service number, column model, content model cross-customization, as well as with payment and financial settlement of the content of the e-commerce as one of the content...
File Upload Vulnerability in Jeecms v9.3 Backend
JEECMS is Jiangxi Jinlei Technology Development Co., Ltd. developed a support for WeChat small program, WeChat public number / service number, column model, content model cross-customization, as well as with the payment and financial settlement of the content of the e-commerce as one of the conte...
jeecms JSPGOU single-store version v6.0 has multiple stored cross-site scripting vulnerabilities
jspgou is based on java technology development of e-commerce management software. There are multiple stored cross-site scripting vulnerabilities in jeecms JSPGOU Single Store Edition v6.0. Due to the front-end input filtering is not strict, the background operation is not verified source, allowin...
CVE-2018-20528
JEECMS 9 has SSRF via the ueditor/getRemoteImage.jspx upfile parameter...
CVE-2018-20528
JEECMS 9 has SSRF via the ueditor/getRemoteImage.jspx upfile parameter...
Design/Logic Flaw
JEECMS 9 has SSRF via the ueditor/getRemoteImage.jspx upfile parameter...
CVE-2018-20528
JEECMS 9 has SSRF via the ueditor/getRemoteImage.jspx upfile parameter...
CVE-2018-20528
The CVE-2018-20528 entry affects JEECMS 9 and describes a Server-Side Request Forgery (SSRF) via the ueditor/getRemoteImage.jspx upfile parameter. Connected records confirm the vulnerability is centered on JEECMS 9 and the SSRF condition in the upfile parameter, with an impact that includes Parti...
Cross site request forgery (csrf)
JEECMS 9.3 has CSRF via the api/admin/role/save URI to add a user...
CVE-2018-19544
JEECMS 9.3 has CSRF via the api/admin/content/save URI to add news...
CVE-2018-19545
JEECMS 9.3 has CSRF via the api/admin/role/save URI to add a user...
Cross site request forgery (csrf)
JEECMS 9.3 has CSRF via the api/admin/content/save URI to add news...
CVE-2018-19545
JEECMS 9.3 has CSRF via the api/admin/role/save URI to add a user...
CVE-2018-19544
JEECMS 9.3 has CSRF via the api/admin/content/save URI to add news...
CVE-2018-19545
JEECMS 9.3 has CSRF via the api/admin/role/save URI to add a user...