JeeWMS Cross-Site Scripting Vulnerability
JeeWMS is a JAVA-based warehouse management system. A cross-site scripting vulnerability exists in JeeWMS 3.7 and earlier versions, which stems from the lack of effective filtering and escaping of user-supplied data by the logController.do component, and can be exploited by an attacker to disclo...
CVE-2025-55834
A Cross Site Scripting vulnerability in JeeWMS v.3.7 and before allows a remote attacker to obtain sensitive information via the logController.do component...
CVE-2025-9796 thinkgem JeeSite EncodeUtils.java decodeUrl2 cross site scripting
A vulnerability was found in thinkgem JeeSite up to 5.12.1. This affects the function decodeUrl2 of the file common/src/main/java/com/jeesite/common/codec/EncodeUtils.java. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made...
CVE-2025-7759
Summary: CVE-2025-7759 affects thinkgem JeeSite up to 5.12.0, specifically the UEditor Image Grabber component’s ActionEnter.java. Root cause: Manipulation of the Source argument enables server-side request forgery (SSRF). Impact: Remote exploitation with potential impact on server resources; exp...
CVE-2025-5389
A vulnerability, which was classified as critical, has been found in JeeWMS up to 20250504. Affected by this issue is the function dogenerateOne2Many of the file /generateController.do?dogenerateOne2Many of the component File Handler. The manipulation leads to improper access controls. The attack...
JeeWMS Injection Vulnerability
JeeWMS is a JAVA-based warehouse management system from China Huayi JeeWMS. An injection vulnerability exists in JeeWMS 20250504 and earlier versions, which stems from SQL injection in the transEditor function of the file /cgformTransController.do?transEditor...
CVE-2018-6446
A vulnerability in Brocade Network Advisor versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using undocumented user credentials and install additional JEE applications...
CVE-2025-29213
A zip slip vulnerability in the component \service\migrate\MigrateForm.java of JEEWMS v3.7 allows attackers to execute arbitrary code via a crafted Zip file...
CVE-2024-57760
JeeWMS before v2025.01.01 was discovered to contain a SQL injection vulnerability via the ReportId parameter at /core/CGReportDao.java...
JeeWMS Security Vulnerability
JeeWMS is a JAVA-based warehouse management system from China Huayi JeeWMS. A security vulnerability exists in JeeWMS versions prior to v2025.01.01. An attacker can exploit this vulnerability to execute arbitrary code by uploading specially crafted files...
PT-2025-3555 · Jeewms · Jeewms
Name of the Vulnerable Software and Affected Versions: JeeWMS versions prior to 2025.01.01. Description: The issue is related to an arbitrary file upload vulnerability in the parserXML method. This allows attackers to execute arbitrary code via uploading a crafted file. There is no information...
JeeWMS Injection Vulnerability
JeeWMS is a JAVA-based warehouse management system from China Huayi JeeWMS. An injection vulnerability exists in JeeWMS 20241229 and earlier versions, which stems from SQL injection in the saveOrUpdate function...
Russian Hacker Arrested in India for Reportedly Helping Students Cheat in JEE-Main Exam
India's Central Bureau of Investigation (CBI) on Monday disclosed that it has detained a Russian national for allegedly hacking into a software platform used to conduct engineering entrance assessments in the country in 2021. "The said accused was detained by the Bureau of Immigration at Indira...
be.fluid-it.guice.extensions:guice-multi-shiro-realms (=0.1-1), be.fluid-it.shiro.jee:shiro-jee-authc (>=0.1-1 <=0.1-3) +3019 more potentially affected by CVE-2022-32532 via org.apache.shiro:shiro-core (>=1.0.0-incubating <=1.9.0)
org.apache.shiro:shiro-core MAVEN version =1.0.0-incubating, =0.1-1, =4.0.0-RC2, =1.0.0, =1.0.0, =0.0.2, =0.0.21, =0.0.2, =0.0.1, =1.0.2, =1.0.0, =1.0.0, =2.0.0 - cn.acooly:acooly-auth-wechat-authenticator =5.2.1 and more Source cves: CVE-2022-32532 Source advisory: OSV:GHSA-4CF5-XMHP-3XJ7...
be.fluid-it.guice.extensions:guice-multi-shiro-realms (=0.1-1), be.fluid-it.shiro.jee:shiro-jee-authc (>=0.1-1 <=0.1-3) +1469 more potentially affected by CVE-2016-4437 via org.apache.shiro:shiro-core (>=1.0.0-incubating <=1.2.4)
org.apache.shiro:shiro-core MAVEN version =1.0.0-incubating, =0.1-1, =4.0.0-RC2, =1.0.0, =2.0.0, =0.0.2, =0.1, =0.1, =0.1, =2.1.0-RELEASE, =1.0, =1.0.3 - cn.org.awcp:awcp-formdesigner-application =1.0-RELEASE - cn.org.awcp:awcp-formdesigner-applicationImpl =1.0-RELEASE -...
be.dnsbelgium:rdap-server (>=0.3.3 <=1.0.3), com.arsframework:ars-module-cms (>=1.0.0 <=1.1.4) +379 more potentially affected by CVE-2014-0097 via org.springframework.security:spring-security-core (>=3.1.0.RELEASE <=3.1.4.RELEASE)
org.springframework.security:spring-security-core MAVEN version =3.1.0.RELEASE, =0.3.3, =1.0.0, =1.0.0, =1.0.0, =1.2.1, =1.2.1, =1.3.6, =1.0.0-alpha2, =1.5, =1.0.0, =3.0.4, =3.0.5 - com.github.ptomli.bedrock:bedrock-core =1.0.0 - com.github.yongjacky:jee.borneo.miri =1.1.6 -...
All Vulnerabilities for jeeadv.ac.in Patched via Open Bug Bounty
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website: jeeadv.ac.in. Open Bug Bounty...
be.fluid-it.guice.extensions:guice-multi-shiro-realms (=0.1-1), be.fluid-it.shiro.jee:shiro-jee-authc (>=0.1-1 <=0.1-3) +2973 more potentially affected by CVE-2021-41303 via org.apache.shiro:shiro-core (>=1.0.0-incubating <=1.7.1)
org.apache.shiro:shiro-core MAVEN version =1.0.0-incubating, =0.1-1, =4.0.0-RC2, =1.0.0, =1.0.0, =0.0.2, =0.0.21, =0.0.2, =0.0.1, =1.0.2, =1.0.0, =1.0.5 - cn.acooly:acooly-auth-wechat-authenticator =5.2.1 - cn.chenzw.toolkit:toolkit =1.0.3-a and more Source cves: CVE-2021-41303 Source advisory:...
Design/Logic Flaw
A vulnerability in Brocade Network Advisor versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using undocumented user credentials and install additional JEE applications...