Lucene search
K

95 matches found

Cvelist
Cvelist
added 2018/11/26 7:0 a.m.14 views

CVE-2018-19545

JEECMS 9.3 has CSRF via the api/admin/role/save URI to add a user...

8.7AI score0.00494EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/11/26 7:0 a.m.22 views

CVE-2018-19544

JEECMS 9.3 has CSRF via the api/admin/content/save URI to add news...

6.5AI score0.00422EPSS
Exploits1References1
CVE
CVE
added 2018/11/26 7:0 a.m.46 views

CVE-2018-19544

JEECMS 9.3 is affected by a Cross-Site Request Forgery (CSRF) vulnerability that can be triggered via the api/admin/content/save URI to add news. The issue is documented across multiple sources (NVD/NVD mirror and CVE listings). The vulnerability details are focused on CSRF in JEECMS 9.3; no expl...

6.5CVSS6.5AI score0.00422EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/11/26 7:0 a.m.46 views

CVE-2018-19545

JEECMS 9.3 contains a CSRF vulnerability in the admin endpoint api/admin/role/save that can be abused to add a new user. Root cause is CSRF on the user-creation pathway; impact is user creation with high severity (CVSS3 base score 8.8) as cited in the CVE record. Exploitation details or fix are n...

8.8CVSS8.6AI score0.00494EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2018/11/26 12:0 a.m.5 views

JEECMS Cross-Site Request Forgery Vulnerability

JEECMS is a set of China Jinlei Technology Development Corporation using Java language development of content management systems CMS. A cross-site request forgery vulnerability exists in JEECMS version 9.3. A remote attacker can use api/admin/role/save URI to add users...

8.8CVSS8.9AI score0.00494EPSS
Exploits1References1
Prion
Prion
added 2018/11/05 9:29 a.m.11 views

Design/Logic Flaw

JEECMS 9.3 has XSS via an index.do/content/update?type=update URI...

3.5CVSS4.8AI score0.00642EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2018/11/05 9:29 a.m.17 views

CVE-2018-18952

JEECMS 9.3 has XSS via an index.do/content/update?type=update URI...

4.8CVSS5AI score0.00642EPSS
Exploits1References1
OSV
OSV
added 2018/11/05 9:29 a.m.5 views

CVE-2018-18952

JEECMS 9.3 has XSS via an index.do/content/update?type=update URI...

4.8CVSS5.8AI score0.00642EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/11/05 9:0 a.m.19 views

CVE-2018-18952

JEECMS 9.3 has XSS via an index.do/content/update?type=update URI...

5AI score0.00642EPSS
Exploits1References1
CVE
CVE
added 2018/11/05 9:0 a.m.39 views

CVE-2018-18952

The connected sources confirm CVE-2018-18952 affects JEECMS 9.3 with a cross-site scripting (XSS) vulnerability exploitable via the index.do#/content/update?type=update URI. The underlying issue is an XSS flaw in that endpoint, enabling injected script in user-controlled content. The available do...

4.8CVSS4.9AI score0.00642EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2018/09/28 12:0 a.m.3 views

File Upload Vulnerability in JEECMS v9.3

JEECMS is Jiangxi Jinlei Technology Development Co., Ltd. developed a support for WeChat small program, WeChat public number / service number, column model, content model cross-customization, as well as with the payment and financial settlement of the content of the e-commerce as one of the conte...

7.1AI score
Exploits0
CNVD
CNVD
added 2018/09/18 12:0 a.m.2 views

Stored Cross-Site Scripting Vulnerability in JEECMS Version 9.3

JEECMS is Jiangxi Jinlei Technology Development Co., Ltd. developed a support for WeChat small program, WeChat public number / service number, column model, content model cross-customization, as well as with the payment and financial settlement of the content of the e-commerce as one of the conte...

6.3AI score
Exploits0
CNVD
CNVD
added 2018/03/05 12:0 a.m.1 views

Stored Cross-Site Scripting Vulnerability at jeecms Modify Profile

jeecms is Jiangxi Jinlei Technology Development Co., Ltd. developed a support for WeChat small program, WeChat public number / service number, column model, content model cross-customization, as well as with payment and financial settlement of the content management system. jeecms modified...

6.2AI score
Exploits0
CNVD
CNVD
added 2018/02/26 12:0 a.m.2 views

Stored Cross-Site Scripting Vulnerability at jeecms Published Articles

JEECMS is a content management system developed by Jiangxi Jinlei Technology Development Co., Ltd. that supports WeChat applet, WeChat public number/service number, column model, cross-customization of content model, as well as with payment and financial settlement. A stored cross-site scripting...

6.3AI score
Exploits0
CNVD
CNVD
added 2018/02/09 12:0 a.m.1 views

Information leakage vulnerability in jeecms version 9.2

JEECMS is Jiangxi Jinlei Technology Development Co., Ltd. developed a support for WeChat small program, WeChat public number / service number, column model, content model cross-customization, as well as with the payment and financial settlement of the content of the e-commerce as one of the conte...

6.6AI score
Exploits0
CNVD
CNVD
added 2018/02/09 12:0 a.m.2 views

Arbitrary file upload vulnerability in jeecms version 9.2

JEECMS is Jiangxi Jinlei Technology Development Co., Ltd. developed a support for WeChat small program, WeChat public number / service number, column model, content model cross-customization, as well as with the payment and financial settlement of the content of the e-commerce as one of the conte...

7.1AI score
Exploits0
CNVD
CNVD
added 2018/02/09 12:0 a.m.3 views

jeecms version 9.2 has xml external entity injection vulnerability

JEECMS is Jiangxi Jinlei Technology Development Co., Ltd. developed a support for WeChat small program, WeChat public number / service number, column model, content model cross-customization, as well as with the payment and financial settlement of the content of the e-commerce as one of the conte...

7AI score
Exploits0
CNVD
CNVD
added 2018/02/08 12:0 a.m.3 views

Deserialization Command Execution Vulnerability in jeecms version 9.2

JEECMS is Jiangxi Jinlei Technology Development Co., Ltd. developed a support for WeChat small program, WeChat public number / service number, column model, content model cross-customization, as well as with the payment and financial settlement of the content of the e-commerce as one of the conte...

7.7AI score
Exploits0
CNVD
CNVD
added 2017/07/20 12:0 a.m.1 views

Multiple Vulnerabilities in JeeCMS v8.1 Template Management Function

JEECMS is a JEECMSv8.1 version is a collection of PC Internet, mobile Internet and WeChat website in one of the website group management system. JeeCMS v8.1 template management function exists file write, arbitrary file naming, arbitrary file creation vulnerability. An attacker can exploit the...

7.3AI score
Exploits0
CNVD
CNVD
added 2017/07/19 12:0 a.m.0 views

JeeCMS v8.1 SQL Injection Vulnerability in Background Data Restore Function

JEECMS is Jiangxi Jinlei Technology Development Co., Ltd. developed a support for WeChat small program , WeChat public number / service number , column model , content model cross-customization , as well as with payment and financial settlement of the content of the e-commerce as one of the conte...

7.8AI score
Exploits0
Rows per page
Query Builder