Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jeesns jeesns vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2018-12429
JEESNS up to and including 1.2.1 allows XSS attacks by ordinary users who publish articles containing a crafted payload in order to capture an administrator cookie.
Jeesns Jeesns
5.4
CVSSv3
CVE-2020-19286
A stored cross-site scripting (XSS) vulnerability in the /question/detail component of Jeesns 1.4.2 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload in the source field of the editor.
Jeesns Jeesns 1.4.2
5.4
CVSSv3
CVE-2020-19288
A stored cross-site scripting (XSS) vulnerability in the /localhost/u component of Jeesns 1.4.2 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload in a private message.
Jeesns Jeesns 1.4.2
5.4
CVSSv3
CVE-2020-19291
A stored cross-site scripting (XSS) vulnerability in the /weibo/publishdata component of Jeesns 1.4.2 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload in a posted Weibo.
Jeesns Jeesns 1.4.2
5.4
CVSSv3
CVE-2020-19294
A stored cross-site scripting (XSS) vulnerability in the /article/comment component of Jeesns 1.4.2 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload in the article comments section.
Jeesns Jeesns 1.4.2
5.4
CVSSv3
CVE-2018-17886
An issue exists in JEESNS 1.3. The XSS filter in com.lxinet.jeesns.core.utils.XssHttpServletRequestWrapper.java could be bypassed, as demonstrated by a <svg/onLoad=confirm substring. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-12429.
Jeesns Jeesns 1.3
5.4
CVSSv3
CVE-2022-38550
A stored cross-site scripting (XSS) vulnerability in the /weibo/list component of Jeesns v2.0.0 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload.
Jeesns Jeesns 2.0.0
5.4
CVSSv3
CVE-2018-19178
In JEESNS 1.3, com/lxinet/jeesns/core/utils/XssHttpServletRequestWrapper.java allows stored XSS via an HTML EMBED element, a different vulnerability than CVE-2018-17886.
Jeesns Jeesns 1.3
8.8
CVSSv3
CVE-2020-19280
Jeesns 1.4.2 contains a cross-site request forgery (CSRF) which allows malicious users to escalate privileges and perform sensitive program operations.
Jeesns Jeesns 1.4.2
5.4
CVSSv3
CVE-2020-19281
A stored cross-site scripting (XSS) vulnerability in the /manage/loginusername component of Jeesns 1.4.2 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload in the username field.
Jeesns Jeesns 1.4.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »