jpress
by Jpress
CVEs (13)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-45807 | | Critical | 0.64 | 9.8 | 0.03 | | Jan 13, 2022 | jpress v4.2.0 is vulnerable to command execution via io.jpress.web.admin._AddonController::doUploadAndInstall. |
| CVE-2024-43033 | | High | 0.57 | 8.8 | 0.01 | | Aug 22, 2024 | JPress through 5.1.1 on Windows has an arbitrary file upload vulnerability that could cause arbitrary code execution via ::$DATA to AttachmentController, such as a .jsp::$DATA file to io.jpress.web.commons.controller.AttachmentController#upload. NOTE: this is unrelated to the… |
| CVE-2022-23330 | | High | 0.57 | 8.8 | 0.02 | | Feb 4, 2022 | A remote code execution (RCE) vulnerability in HelloWorldAddonController.java of jpress v4.2.0 allows attackers to execute arbitrary code via a crafted JAR package. |
| CVE-2021-46114 | | High | 0.57 | 8.8 | 0.02 | | Jan 26, 2022 | jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code. |
| CVE-2021-45806 | | High | 0.57 | 8.8 | 0.02 | | Jan 13, 2022 | jpress v4.2.0 admin panel provides a function through which attackers can modify the template and inject some malicious code. |
| CVE-2024-46468 | | High | 0.49 | 7.5 | 0.00 | | Oct 11, 2024 | A Server-Side Request Forgery (SSRF) vulnerability exists in the jpress <= v5.1.1, which can be exploited by an attacker to obtain sensitive information, resulting in an information disclosure. |
| CVE-2021-46118 | | High | 0.47 | 7.2 | 0.03 | | Jan 26, 2022 | jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.article.kit.ArticleNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code. |
| CVE-2021-46116 | | High | 0.47 | 7.2 | 0.03 | | Jan 26, 2022 | jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin._TemplateController#doInstall. The admin panel provides a function through which attackers can install templates and inject some malicious code. |
| CVE-2021-46115 | | High | 0.47 | 7.2 | 0.01 | | Jan 26, 2022 | jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateController#doUploadFile. The admin panel provides a function through which attackers can upload templates and inject some malicious code. |
| CVE-2021-46117 | | High | 0.47 | 7.2 | 0.03 | | Jan 26, 2022 | jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.page.PageNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code. |
| CVE-2019-6278 | | Medium | 0.35 | 5.4 | 0.01 | | Jan 14, 2019 | XSS exists in JPress v1.0.4 via Markdown input, or Markdown input with the code input option. |
| CVE-2024-8304 | | Medium | 0.31 | 4.7 | 0.01 | | Aug 29, 2024 | A vulnerability has been found in jpress up to 5.1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/template/edit of the component Template Module Handler. The manipulation leads to path traversal. The attack can be… |
| CVE-2018-19170 | | Medium | 0.31 | 4.8 | 0.01 | | Nov 11, 2018 | In JPress v1.0-rc.5, there is stored XSS via each of the first three input fields to the starter-tomcat-1.0/admin/setting URI, as demonstrated by the web_name parameter. |