Vulnerabilities (CVE)

Filtered by vendor Jeesns
Total 21 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-38550 1 Jeesns 1 Jeesns 2024-11-21 N/A 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in the /weibo/list component of Jeesns v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2020-19295 1 Jeesns 1 Jeesns 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A reflected cross-site scripting (XSS) vulnerability in the /weibo/topic component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML.
CVE-2020-19294 1 Jeesns 1 Jeesns 2024-11-21 3.5 LOW 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in the /article/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the article comments section.
CVE-2020-19293 1 Jeesns 1 Jeesns 2024-11-21 3.5 LOW 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in the /article/add component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted article.
CVE-2020-19292 1 Jeesns 1 Jeesns 2024-11-21 3.5 LOW 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in the /question/ask component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted question.
CVE-2020-19291 1 Jeesns 1 Jeesns 2024-11-21 3.5 LOW 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in the /weibo/publishdata component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted Weibo.
CVE-2020-19290 1 Jeesns 1 Jeesns 2024-11-21 3.5 LOW 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in the /weibo/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Weibo comment section.
CVE-2020-19289 1 Jeesns 1 Jeesns 2024-11-21 3.5 LOW 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in the /member/picture/album component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the new album tab.
CVE-2020-19288 1 Jeesns 1 Jeesns 2024-11-21 3.5 LOW 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in the /localhost/u component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a private message.
CVE-2020-19287 1 Jeesns 1 Jeesns 2024-11-21 3.5 LOW 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in the /group/post component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title.
CVE-2020-19286 1 Jeesns 1 Jeesns 2024-11-21 3.5 LOW 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in the /question/detail component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the source field of the editor.
CVE-2020-19285 1 Jeesns 1 Jeesns 2024-11-21 3.5 LOW 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in the /group/apply component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Name text field.
CVE-2020-19284 1 Jeesns 1 Jeesns 2024-11-21 3.5 LOW 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in the /group/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the group comments text field.
CVE-2020-19283 1 Jeesns 1 Jeesns 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A reflected cross-site scripting (XSS) vulnerability in the /newVersion component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML.
CVE-2020-19282 1 Jeesns 1 Jeesns 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A reflected cross-site scripting (XSS) vulnerability in Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field.
CVE-2020-19281 1 Jeesns 1 Jeesns 2024-11-21 3.5 LOW 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in the /manage/loginusername component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username field.
CVE-2020-19280 1 Jeesns 1 Jeesns 2024-11-21 6.8 MEDIUM 8.8 HIGH
Jeesns 1.4.2 contains a cross-site request forgery (CSRF) which allows attackers to escalate privileges and perform sensitive program operations.
CVE-2020-18035 1 Jeesns 1 Jeesns 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross Site Scripting (XSS) in Jeesns v1.4.2 allows remote attackers to execute arbitrary code by injecting commands into the "CKEditorFuncNum" parameter in the component "CkeditorUploadController.java".
CVE-2018-19178 1 Jeesns 1 Jeesns 2024-11-21 3.5 LOW 5.4 MEDIUM
In JEESNS 1.3, com/lxinet/jeesns/core/utils/XssHttpServletRequestWrapper.java allows stored XSS via an HTML EMBED element, a different vulnerability than CVE-2018-17886.
CVE-2018-17886 1 Jeesns 1 Jeesns 2024-11-21 3.5 LOW 5.4 MEDIUM
An issue was discovered in JEESNS 1.3. The XSS filter in com.lxinet.jeesns.core.utils.XssHttpServletRequestWrapper.java could be bypassed, as demonstrated by a <svg/onLoad=confirm substring. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-12429.