Lucene search
+L

224 matches found

NVD
NVD
added 2026/02/23 9:19 p.m.12 views

CVE-2026-3026

A vulnerability has been found in erzhongxmu JEEWMS 3.7. Affected by this issue is some unknown functionality of the file /plug-in/ueditor/jsp/getRemoteImage.jsp of the component UEditor. The manipulation of the argument upfile leads to server-side request forgery. The attack can be initiated...

7.5CVSS0.00351EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/23 9:2 p.m.29 views

CVE-2026-3027 erzhongxmu JEEWMS UEditor getContent.jsp cross site scripting

A vulnerability was found in erzhongxmu JEEWMS up to 3.7. This affects an unknown part of the file src/main/webapp/plug-in/ueditor/jsp/getContent.jsp of the component UEditor. The manipulation of the argument myEditor results in cross site scripting. The attack can be launched remotely. The explo...

5.3CVSS0.00289EPSS
Exploits1References4
CVE
CVE
added 2026/02/23 9:2 p.m.20 views

CVE-2026-3027

Vulnerability summary (CVE-2026-3027) : In erzhongxmu JEEWMS (up to 3.7), the UEditor component’s file src/main/webapp/plug-in/ueditor/jsp/getContent.jsp is vulnerable. Manipulating the myEditor argument yields a cross-site scripting flaw that can be exploited remotely. Public exploit code exists...

6.1CVSS3.9AI score0.00289EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/23 8:2 p.m.6 views

CVE-2026-3026 erzhongxmu JEEWMS UEditor getRemoteImage.jsp server-side request forgery

A vulnerability has been found in erzhongxmu JEEWMS 3.7. Affected by this issue is some unknown functionality of the file /plug-in/ueditor/jsp/getRemoteImage.jsp of the component UEditor. The manipulation of the argument upfile leads to server-side request forgery. The attack can be initiated...

7.5CVSS5.2AI score0.00351EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/23 8:2 p.m.30 views

CVE-2026-3026 erzhongxmu JEEWMS UEditor getRemoteImage.jsp server-side request forgery

A vulnerability has been found in erzhongxmu JEEWMS 3.7. Affected by this issue is some unknown functionality of the file /plug-in/ueditor/jsp/getRemoteImage.jsp of the component UEditor. The manipulation of the argument upfile leads to server-side request forgery. The attack can be initiated...

7.5CVSS0.00351EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/02/23 12:0 a.m.8 views

JeeWMS 代码注入漏洞

JeeWMS is a JAVA-based warehouse management system developed by JeeWMS Corporation in China. JeeWMS versions 3.7 and earlier contained a code injection vulnerability. This vulnerability stemmed from improper handling of parameters in the file...

6.1CVSS5.7AI score0.00308EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/02/23 12:0 a.m.9 views

JeeWMS 代码注入漏洞

JeeWMS is a JAVA-based warehouse management system developed by JeeWMS Corporation in China. Versions of JeeWMS 3.7 and earlier contained a code injection vulnerability. This vulnerability stemmed from improper handling of the parameter ‘myEditor’ in the file...

6.1CVSS5.7AI score0.00289EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/02/23 12:0 a.m.13 views

JeeWMS 代码问题漏洞

JeeWMS is a JAVA-based warehouse management system developed by JeeWMS Corporation in China. Version 3.7 of JeeWMS contains code vulnerabilities. These vulnerabilities stem from improper handling of the upfile parameter in the component UEditor’s file/plug-in/ueditor/jsp/getRemoteImage.jsp, which...

7.5CVSS7.2AI score0.00351EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/23 12:0 a.m.14 views

PT-2026-21560

Name of the Vulnerable Software and Affected Versions erzhongxmu JEEWMS versions up to 3.7 Description A flaw exists in erzhongxmu JEEWMS, specifically within the UEditor component, affecting the file src/main/webapp/plug-in/ueditor/jsp/getContent.jsp. The myEditor argument can be manipulated to...

5.3CVSS3.6AI score0.00289EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/02/23 12:0 a.m.14 views

PT-2026-21567

Name of the Vulnerable Software and Affected Versions erzhongxmu JEEWMS versions up to 3.7 Description A flaw exists in erzhongxmu JEEWMS that allows for cross site scripting. The issue is located in the doAdd function within the file...

5.3CVSS3.4AI score0.00308EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/02/04 3:15 a.m.19 views

CVE-2025-70311

JEEWMS 1.0 is vulnerable to SQL Injection. Attackers can inject malicious SQL statements through the id1 and id2 parameters in the /systemControl.do interface for attack...

6.5CVSS5.6AI score0.00215EPSS
Exploits0References1
NVD
NVD
added 2026/02/03 6:16 p.m.10 views

CVE-2025-70311

JEEWMS 1.0 is vulnerable to SQL Injection. Attackers can inject malicious SQL statements through the id1 and id2 parameters in the /systemControl.do interface for attack...

6.5CVSS0.00215EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/03 12:0 a.m.34 views

CVE-2025-70311

JEEWMS 1.0 is vulnerable to SQL Injection. Attackers can inject malicious SQL statements through the id1 and id2 parameters in the /systemControl.do interface for attack...

0.00215EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/03 12:0 a.m.6 views

CVE-2025-70311

JEEWMS 1.0 is vulnerable to SQL Injection. Attackers can inject malicious SQL statements through the id1 and id2 parameters in the /systemControl.do interface for attack...

5.6AI score0.00215EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/03 12:0 a.m.6 views

EUVD-2025-206714

JEEWMS 1.0 is vulnerable to SQL Injection. Attackers can inject malicious SQL statements through the id1 and id2 parameters in the /systemControl.do interface for attack...

5.6AI score0.00215EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/13 5:29 a.m.20 views

CVE-2025-60268

An arbitrary file upload vulnerability exists in JeeWMS 20250820, which is caused by the lack of file checking in the saveFiles function in /jeewms/cgUploadController.do. An attacker with normal privileges was able to upload a malicious file that would lead to remote code execution...

6.5CVSS7.8AI score0.00336EPSS
Exploits1References1
OSV
OSV
added 2025/10/10 6:15 p.m.7 views

CVE-2025-60268

An arbitrary file upload vulnerability exists in JeeWMS 20250820, which is caused by the lack of file checking in the saveFiles function in /jeewms/cgUploadController.do. An attacker with normal privileges was able to upload a malicious file that would lead to remote code execution...

6.5CVSS6.3AI score0.00336EPSS
Exploits1References2
NVD
NVD
added 2025/10/10 6:15 p.m.52 views

CVE-2025-60268

An arbitrary file upload vulnerability exists in JeeWMS 20250820, which is caused by the lack of file checking in the saveFiles function in /jeewms/cgUploadController.do. An attacker with normal privileges was able to upload a malicious file that would lead to remote code execution...

6.5CVSS0.00336EPSS
Exploits1References2
OSV
OSV
added 2025/10/10 5:15 p.m.4 views

CVE-2025-60269

JEEWMS 20250820 is vulnerable to SQL Injection in the exportXls function located in the src/main/java/org/jeecgframework/web/cgreport/controller/excel/CgExportExcelController.java file...

9.4CVSS5.8AI score0.00306EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/10/10 12:0 a.m.6 views

PT-2025-41587

Name of the Vulnerable Software and Affected Versions JeeWMS version 20250820 Description An arbitrary file upload issue exists due to insufficient file validation within the saveFiles function located at the /jeewms/cgUploadController.do endpoint. An attacker with standard user privileges can...

6.5CVSS7.9AI score0.00336EPSS
Exploits1References5
Rows per page
Query Builder