Lemon Security Vulnerabilities and Issues — Lemon CVE List

Lucene search

MossleLemon

3 matches found

CVE•added 2021/12/22 11:15 p.m.•35 views

CVE-2020-20597

A cross-site scripting (XSS) vulnerability in the potrtalItemName parameter in \web\PortalController.java of lemon V1.10.0 allows attackers to execute arbitrary web scripts or HTML.

6.1CVSS6AI score0.0033EPSS

CVE•added 2021/12/22 11:15 p.m.•33 views

CVE-2020-20598

A cross-site scripting (XSS) vulnerability in the Editing component of lemon V1.10.0 allows attackers to execute arbitrary web scripts or HTML.

6.1CVSS6AI score0.0033EPSS

CVE•added 2018/10/15 4:29 a.m.•27 views

CVE-2018-18315

com/mossle/cdn/CdnController.java in lemon 1.9.0 allows attackers to upload arbitrary files because the copyMultipartFileToFile method in CdnUtils only checks for a ../ substring, and does not validate the file type and spaceName parameter.

7.5CVSS7.5AI score0.00237EPSS