2 matches found
CVE-2019-19033
CVE-2019-19033 affects Jalios JCMS 10. The webdav authentication can be bypassed via a backdoor account using any username and a hardcoded dev password, granting administrative access to the site and WebDAV server. The vulnerability stems from insecure handling in the DevTools plugin (DevToolsAut...
CVE-2020-15497
CVE-2020-15497 affects Jalios JCMS 10.0.2 build-20200224104759. The vulnerability exists in jcore/portal/ajaxPortal.jsp where the types parameter enables cross-site scripting. Descriptions note the issue is not present in the standard installation of Jalios JCMS. Connected sources (PT-2020-14459)...