5 matches found
EUVD-2018-9627
Malware in sbrugna...
Code injection
An issue was discovered in JEESNS 1.3. The XSS filter in com.lxinet.jeesns.core.utils.XssHttpServletRequestWrapper.java could be bypassed, as demonstrated by a svg/onLoad=confirm substring. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-12429...
CVE-2018-12429
JEESNS through 1.2.1 allows XSS attacks by ordinary users who publish articles containing a crafted payload in order to capture an administrator cookie...
CVE-2018-12429
CVE-2018-12429 affects JEESNS up to version 1.2.1 and enables XSS by normal users publishing articles containing crafted payloads to capture an administrator cookie. Connected sources indicate the XSS filter in XssHttpServletRequestWrapper can be bypassed, and note that this vulnerability exists ...
CVE-2018-12430
This CVE entry is rejected and not used; reference CVE-2018-12429 instead.