95 matches found
CVE-2018-19545
JEECMS 9.3 has CSRF via the api/admin/role/save URI to add a user...
CVE-2018-19544
JEECMS 9.3 has CSRF via the api/admin/content/save URI to add news...
CVE-2018-19544
JEECMS 9.3 is affected by a Cross-Site Request Forgery (CSRF) vulnerability that can be triggered via the api/admin/content/save URI to add news. The issue is documented across multiple sources (NVD/NVD mirror and CVE listings). The vulnerability details are focused on CSRF in JEECMS 9.3; no expl...
CVE-2018-19545
JEECMS 9.3 contains a CSRF vulnerability in the admin endpoint api/admin/role/save that can be abused to add a new user. Root cause is CSRF on the user-creation pathway; impact is user creation with high severity (CVSS3 base score 8.8) as cited in the CVE record. Exploitation details or fix are n...
JEECMS Cross-Site Request Forgery Vulnerability
JEECMS is a set of China Jinlei Technology Development Corporation using Java language development of content management systems CMS. A cross-site request forgery vulnerability exists in JEECMS version 9.3. A remote attacker can use api/admin/role/save URI to add users...
Design/Logic Flaw
JEECMS 9.3 has XSS via an index.do/content/update?type=update URI...
CVE-2018-18952
JEECMS 9.3 has XSS via an index.do/content/update?type=update URI...
CVE-2018-18952
JEECMS 9.3 has XSS via an index.do/content/update?type=update URI...
CVE-2018-18952
JEECMS 9.3 has XSS via an index.do/content/update?type=update URI...
CVE-2018-18952
The connected sources confirm CVE-2018-18952 affects JEECMS 9.3 with a cross-site scripting (XSS) vulnerability exploitable via the index.do#/content/update?type=update URI. The underlying issue is an XSS flaw in that endpoint, enabling injected script in user-controlled content. The available do...
File Upload Vulnerability in JEECMS v9.3
JEECMS is Jiangxi Jinlei Technology Development Co., Ltd. developed a support for WeChat small program, WeChat public number / service number, column model, content model cross-customization, as well as with the payment and financial settlement of the content of the e-commerce as one of the conte...
Stored Cross-Site Scripting Vulnerability in JEECMS Version 9.3
JEECMS is Jiangxi Jinlei Technology Development Co., Ltd. developed a support for WeChat small program, WeChat public number / service number, column model, content model cross-customization, as well as with the payment and financial settlement of the content of the e-commerce as one of the conte...
Stored Cross-Site Scripting Vulnerability at jeecms Modify Profile
jeecms is Jiangxi Jinlei Technology Development Co., Ltd. developed a support for WeChat small program, WeChat public number / service number, column model, content model cross-customization, as well as with payment and financial settlement of the content management system. jeecms modified...
Stored Cross-Site Scripting Vulnerability at jeecms Published Articles
JEECMS is a content management system developed by Jiangxi Jinlei Technology Development Co., Ltd. that supports WeChat applet, WeChat public number/service number, column model, cross-customization of content model, as well as with payment and financial settlement. A stored cross-site scripting...
Information leakage vulnerability in jeecms version 9.2
JEECMS is Jiangxi Jinlei Technology Development Co., Ltd. developed a support for WeChat small program, WeChat public number / service number, column model, content model cross-customization, as well as with the payment and financial settlement of the content of the e-commerce as one of the conte...
Arbitrary file upload vulnerability in jeecms version 9.2
JEECMS is Jiangxi Jinlei Technology Development Co., Ltd. developed a support for WeChat small program, WeChat public number / service number, column model, content model cross-customization, as well as with the payment and financial settlement of the content of the e-commerce as one of the conte...
jeecms version 9.2 has xml external entity injection vulnerability
JEECMS is Jiangxi Jinlei Technology Development Co., Ltd. developed a support for WeChat small program, WeChat public number / service number, column model, content model cross-customization, as well as with the payment and financial settlement of the content of the e-commerce as one of the conte...
Deserialization Command Execution Vulnerability in jeecms version 9.2
JEECMS is Jiangxi Jinlei Technology Development Co., Ltd. developed a support for WeChat small program, WeChat public number / service number, column model, content model cross-customization, as well as with the payment and financial settlement of the content of the e-commerce as one of the conte...
Multiple Vulnerabilities in JeeCMS v8.1 Template Management Function
JEECMS is a JEECMSv8.1 version is a collection of PC Internet, mobile Internet and WeChat website in one of the website group management system. JeeCMS v8.1 template management function exists file write, arbitrary file naming, arbitrary file creation vulnerability. An attacker can exploit the...
JeeCMS v8.1 SQL Injection Vulnerability in Background Data Restore Function
JEECMS is Jiangxi Jinlei Technology Development Co., Ltd. developed a support for WeChat small program , WeChat public number / service number , column model , content model cross-customization , as well as with payment and financial settlement of the content of the e-commerce as one of the conte...