4 matches found
EUVD-2018-10889
Malware in sbrugna...
Cross site scripting
In JEESNS 1.3, com/lxinet/jeesns/core/utils/XssHttpServletRequestWrapper.java allows stored XSS via an HTML EMBED element, a different vulnerability than CVE-2018-17886...
CVE-2018-17886
An issue was discovered in JEESNS 1.3. The XSS filter in com.lxinet.jeesns.core.utils.XssHttpServletRequestWrapper.java could be bypassed, as demonstrated by a svg/onLoad=confirm substring. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-12429...
CVE-2018-17886
CVE-2018-17886 affects JEESNS 1.3. The vulnerability is a bypass of the XSS filter in com.lxinet.jeesns.core.utils.XssHttpServletRequestWrapper.java, demonstrated by a crafted