
50 matches found

CNVD
added 2025/09/18 12:0 a.m. · 3 views

JeeWMS Cross-Site Scripting Vulnerability

JeeWMS is a JAVA-based warehouse management system. A cross-site scripting vulnerability exists in JeeWMS 3.7 and earlier versions, which stems from the lack of effective filtering and escaping of user-supplied data by the logController.do component, and can be exploited by an attacker to disclo...

CVSS 6.1 · AI score 6 · EPSS 0.00305
Exploits: 1 · References: 1
NVD
added 2025/09/16 1:16 p.m. · 5 views

CVE-2025-55834

A Cross Site Scripting vulnerability in JeeWMS v.3.7 and before allows a remote attacker to obtain sensitive information via the logController.do component...

CVSS 6.1 · EPSS 0.00305
Exploits: 1 · References: 1
Cvelist
added 2025/09/01 9:32 p.m. · 11 views

CVE-2025-9796 thinkgem JeeSite EncodeUtils.java decodeUrl2 cross site scripting

A vulnerability was found in thinkgem JeeSite up to 5.12.1. This affects the function decodeUrl2 of the file common/src/main/java/com/jeesite/common/codec/EncodeUtils.java. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made...

CVSS 5.1 · EPSS 0.00328
Exploits: 1 · References: 8
CVE
added 2025/07/17 9:32 p.m. · 26 views

CVE-2025-7759

Summary: CVE-2025-7759 affects thinkgem JeeSite up to 5.12.0, specifically the UEditor Image Grabber component’s ActionEnter.java. Root cause: Manipulation of the Source argument enables server-side request forgery (SSRF). Impact: Remote exploitation with potential impact on server resources; exp...

CVSS 8.8 · AI score 6.3 · EPSS 0.00309
Exploits: 1 · References: 6 · Affected Software: 1
OSV
added 2025/05/31 7:15 p.m. · 3 views

CVE-2025-5389

A vulnerability, which was classified as critical, has been found in JeeWMS up to 20250504. Affected by this issue is the function dogenerateOne2Many of the file /generateController.do?dogenerateOne2Many of the component File Handler. The manipulation leads to improper access controls. The attack...

CVSS 9.8 · AI score 5.3 · EPSS 0.00287
Exploits: 0 · References: 3
CNNVD
added 2025/05/31 12:0 a.m. · 3 views

JeeWMS Injection Vulnerability

JeeWMS is a JAVA-based warehouse management system from China Huayi JeeWMS. An injection vulnerability exists in JeeWMS 20250504 and earlier versions. The vulnerability stems from SQL injection in the transEditor function of the file /cgformTransController.do?transEditor...

CVSS 9.8 · AI score 7.1 · EPSS 0.00273
Exploits: 0 · References: 5
RedhatCVE
added 2025/05/22 1:8 p.m. · 7 views

CVE-2018-6446

A vulnerability in Brocade Network Advisor versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using undocumented user credentials and install additional JEE applications...

CVSS 9.8 · AI score 7.1 · EPSS 0.0134
Exploits: 0 · References: 1
OSV
added 2025/04/15 7:16 p.m. · 3 views

CVE-2025-29213

A zip slip vulnerability in the component \service\migrate\MigrateForm.java of JEEWMS v3.7 allows attackers to execute arbitrary code via a crafted Zip file...

CVSS 5.5 · AI score 6
Exploits: 0 · References: 1
OSV
added 2025/01/15 12:15 a.m. · 4 views

CVE-2024-57760

JeeWMS before v2025.01.01 was discovered to contain a SQL injection vulnerability via the ReportId parameter at /core/CGReportDao.java...

CVSS 6.5 · AI score 5.8 · EPSS 0.00353
Exploits: 1 · References: 1
CNNVD
added 2025/01/14 12:0 a.m. · 3 views

JeeWMS Security Vulnerability

JeeWMS is a JAVA-based warehouse management system from China Huayi JeeWMS. A security vulnerability exists in JeeWMS versions prior to v2025.01.01. An attacker can exploit this vulnerability to execute arbitrary code by uploading specially crafted files...

CVSS 8.1 · AI score 7.5 · EPSS 0.00473
Exploits: 1 · References: 1
Positive Technologies
added 2025/01/14 12:0 a.m. · 5 views

PT-2025-3555 · Jeewms · Jeewms

Name of the Vulnerable Software and Affected Versions: JeeWMS versions prior to 2025.01.01 Description: The issue is related to an arbitrary file upload vulnerability in the parserXML method. This allows attackers to execute arbitrary code via uploading a crafted file. There is no information...

CVSS 8.1 · AI score 8 · EPSS 0.00473
Exploits: 1 · References: 6
CNNVD
added 2025/01/11 12:0 a.m. · 3 views

JeeWMS Injection Vulnerability

JeeWMS is a JAVA-based warehouse management system from China Huayi JeeWMS. An injection vulnerability exists in JeeWMS 20241229 and earlier versions, which stems from SQL injection in the saveOrUpdate function...

CVSS 8.8 · AI score 7 · EPSS 0.005
Exploits: 1 · References: 3
The Hacker News
added 2022/10/04 6:21 p.m. · 31 views

Russian Hacker Arrested in India for Reportedly Helping Students Cheat in JEE-Main Exam

India's Central Bureau of Investigation CBI on Monday disclosed that it has detained a Russian national for allegedly hacking into a software platform used to conduct engineering entrance assessments in the country in 2021. "The said accused was detained by the Bureau of Immigration at Indira...

AI score 0.5
Exploits: 0
vulnersOsv
added 2022/06/30 12:0 a.m. · 8 views

be.fluid-it.guice.extensions:guice-multi-shiro-realms (=0.1-1), be.fluid-it.shiro.jee:shiro-jee-authc (>=0.1-1 <=0.1-3) +3019 more potentially affected by CVE-2022-32532 via org.apache.shiro:shiro-core (>=1.0.0-incubating <=1.9.0)

org.apache.shiro:shiro-core MAVEN version =1.0.0-incubating, =0.1-1, =4.0.0-RC2, =1.0.0, =1.0.0, =0.0.2, =0.0.21, =0.0.2, =0.0.1, =1.0.2, =1.0.0, =1.0.0, =2.0.0 - cn.acooly:acooly-auth-wechat-authenticator =5.2.1 and more Source cves: CVE-2022-32532 Source advisory: OSV:GHSA-4CF5-XMHP-3XJ7...

CVSS 9.8 · AI score 7.1 · EPSS 0.25431
Exploits: 0
vulnersOsv
added 2022/05/14 2:46 a.m. · 7 views

be.fluid-it.guice.extensions:guice-multi-shiro-realms (=0.1-1), be.fluid-it.shiro.jee:shiro-jee-authc (>=0.1-1 <=0.1-3) +1469 more potentially affected by CVE-2016-4437 via org.apache.shiro:shiro-core (>=1.0.0-incubating <=1.2.4)

org.apache.shiro:shiro-core MAVEN version =1.0.0-incubating, =0.1-1, =4.0.0-RC2, =1.0.0, =2.0.0, =0.0.2, =0.1, =0.1, =0.1, =2.1.0-RELEASE, =1.0, =1.0.3 - cn.org.awcp:awcp-formdesigner-application =1.0-RELEASE - cn.org.awcp:awcp-formdesigner-applicationImpl =1.0-RELEASE -...

CVSS 9.8 · AI score 7.1 · EPSS 0.93143
Exploits: 9
vulnersOsv
added 2022/05/13 1:1 a.m. · 5 views

be.dnsbelgium:rdap-server (>=0.3.3 <=1.0.3), com.arsframework:ars-module-cms (>=1.0.0 <=1.1.4) +379 more potentially affected by CVE-2014-0097 via org.springframework.security:spring-security-core (>=3.1.0.RELEASE <=3.1.4.RELEASE)

org.springframework.security:spring-security-core MAVEN version =3.1.0.RELEASE, =0.3.3, =1.0.0, =1.0.0, =1.0.0, =1.2.1, =1.2.1, =1.3.6, =1.0.0-alpha2, =1.5, =1.0.0, =3.0.4, =3.0.5 - com.github.ptomli.bedrock:bedrock-core =1.0.0 - com.github.yongjacky:jee.borneo.miri =1.1.6 -...

CVSS 7.5 · AI score 7.1 · EPSS 0.01209
Exploits: 0
Openbugbounty
added 2021/11/15 12:44 p.m. · 10 views

All Vulnerabilities for jeeadv.ac.in Patched via Open Bug Bounty

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website: jeeadv.ac.in. Open Bug Bounty...

AI score 6.2
Exploits: 0
vulnersOsv
added 2021/09/20 8:18 p.m. · 5 views

be.fluid-it.guice.extensions:guice-multi-shiro-realms (=0.1-1), be.fluid-it.shiro.jee:shiro-jee-authc (>=0.1-1 <=0.1-3) +2973 more potentially affected by CVE-2021-41303 via org.apache.shiro:shiro-core (>=1.0.0-incubating <=1.7.1)

org.apache.shiro:shiro-core MAVEN version =1.0.0-incubating, =0.1-1, =4.0.0-RC2, =1.0.0, =1.0.0, =0.0.2, =0.0.21, =0.0.2, =0.0.1, =1.0.2, =1.0.0, =1.0.5 - cn.acooly:acooly-auth-wechat-authenticator =5.2.1 - cn.chenzw.toolkit:toolkit =1.0.3-a and more Source cves: CVE-2021-41303 Source advisory:...

CVSS 9.8 · AI score 7.2 · EPSS 0.7557
Exploits: 0
NVD
added 2020/06/29 6:15 p.m. · 22 views

CVE-2018-6446

A vulnerability in Brocade Network Advisor versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using undocumented user credentials and install additional JEE applications...

CVSS 9.8 · EPSS 0.0134
Exploits: 0 · References: 1
Prion
added 2020/06/29 6:15 p.m. · 22 views

Design/Logic Flaw

A vulnerability in Brocade Network Advisor versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using undocumented user credentials and install additional JEE applications...

CVSS 7.5 · AI score 9.3 · EPSS 0.0134
Exploits: 0 · References: 1 · Affected Software: 1