CVE-2026-3027

Vulnerability summary (CVE-2026-3027) : In erzhongxmu JEEWMS (up to 3.7), the UEditor component’s file src/main/webapp/plug-in/ueditor/jsp/getContent.jsp is vulnerable. Manipulating the myEditor argument yields a cross-site scripting flaw that can be exploited remotely. Public exploit code exists...

CVE-2026-3027

A vulnerability was found in erzhongxmu JEEWMS up to 3.7. This affects an unknown part of the file src/main/webapp/plug-in/ueditor/jsp/getContent.jsp of the component UEditor. The manipulation of the argument myEditor results in cross site scripting. The attack can be launched remotely. The explo...

CVE-2026-3027 erzhongxmu JEEWMS UEditor getContent.jsp cross site scripting

A vulnerability was found in erzhongxmu JEEWMS up to 3.7. This affects an unknown part of the file src/main/webapp/plug-in/ueditor/jsp/getContent.jsp of the component UEditor. The manipulation of the argument myEditor results in cross site scripting. The attack can be launched remotely. The explo...

JeeWMS 代码注入漏洞

JeeWMS is a JAVA-based warehouse management system developed by JeeWMS Corporation in China. Versions of JeeWMS 3.7 and earlier contained a code injection vulnerability. This vulnerability stemmed from improper handling of the parameter ‘myEditor’ in the file...