21 matches found
CVE-2026-3028
A vulnerability was determined in erzhongxmu JEEWMS up to 3.7. This vulnerability affects the function doAdd of the file src/main/java/com/jeecg/demo/controller/JeecgListDemoController.java. This manipulation of the argument Name causes cross site scripting. The attack may be initiated remotely...
CVE-2026-3028
CVE-2026-3028 affects erzhongxmu JEEWMS up to 3.7. The vulnerability impacts function doAdd in src/main/java/com/jeecg/demo/controller/JeecgListDemoController.java, where an argument named Name can be manipulated to trigger cross-site scripting. The issue can be remotely exploited; public exploit...
CVE-2026-3028 erzhongxmu JEEWMS JeecgListDemoController.java doAdd cross site scripting
A vulnerability was determined in erzhongxmu JEEWMS up to 3.7. This vulnerability affects the function doAdd of the file src/main/java/com/jeecg/demo/controller/JeecgListDemoController.java. This manipulation of the argument Name causes cross site scripting. The attack may be initiated remotely...
PT-2026-21567
Name of the Vulnerable Software and Affected Versions: erzhongxmu JEEWMS versions up to 3.7 Description: A flaw exists in erzhongxmu JEEWMS that allows for cross site scripting. The issue is located in the doAdd function within the file...
EUVD-2020-10375
Malware in sbrugna...
EUVD-2025-16565
Malicious code in bioql PyPI...
CVE-2025-5385
A vulnerability was found in JeeWMS up to 20250504. It has been declared as critical. This vulnerability affects the function doAdd of the file /cgformTemplateController.do?doAdd. The manipulation leads to path traversal. The attack can be initiated remotely. Continuous delivery with rolling...
CVE-2025-5385 JeeWMS cgformTemplateController.do doAdd path traversal
A vulnerability was found in JeeWMS up to 20250504. It has been declared as critical. This vulnerability affects the function doAdd of the file /cgformTemplateController.do?doAdd. The manipulation leads to path traversal. The attack can be initiated remotely. Continuous delivery with rolling...
CVE-2025-5385
The CVE-2025-5385 vulnerability affects JeeWMS (up to 20250504) in the doAdd handler of /cgformTemplateController.do?doAdd, enabling path traversal when handling input. The issue is exploitable remotely and has a high impact described across multiple sources; no public fix version is provided. Pr...
PT-2025-23409 · Jeewms · Jeewms
Name of the Vulnerable Software and Affected Versions: JeeWMS versions up to 20250504 Description: A critical issue affects the doAdd function of the /cgformTemplateController.do?doAdd API endpoint, leading to path traversal. This can be initiated remotely. Recommendations: For versions up to...
JeeWMS Path Traversal Vulnerability
JeeWMS is a Java-based warehouse management system from China Huayi JeeWMS. JeeWMS 20250504 and earlier versions have a path traversal vulnerability. The vulnerability stems from the function doAdd of the file /cgformTemplateController.do?doAdd, where there is a path traversal...
CVE-2020-18451
Cross Site Scripting (XSS) vulnerability exists in DamiCMS v6.0.6 via the title parameter in the doadd function in LabelAction.class.php...
DamiCMS Cross-Site Request Forgery Vulnerability
DamiCMS is a content management system (CMS) for quickly building websites. There is a security vulnerability in DamiCMS v6.0.6 that allows you to add an administrative account via admin.php?s=/Admin/doadd...
CVE-2018-18296
MetInfo 6.1.2 has XSS via the /admin/index.php bigclass parameter in an n=column&a=doadd action...
MetInfo Cross-Site Scripting Vulnerability (CNVD-2019-09131)
MetInfo is a content management system (CMS) developed using PHP and MySQL. A cross-site scripting vulnerability exists in MetInfo 6.1.2, which can be exploited by an attacker via the /admin/index.php bigclass parameter in the n=column&a=doadd operation...
DamiCMS Cross-Site Request Forgery Vulnerability
DamiCMS is a content management system (CMS) for building websites quickly. A cross-site request forgery vulnerability exists in DamiCMS version 6.0.0. A remote attacker can exploit this vulnerability to add an administrator account with the help of the admin.php?s=/Admin/doadd URL...