VYPR

Jimureport

by Jeecg

Source repositories

CVEs (9)

  • CVE-2025-10771 | Med | Sep 21, 2025
    risk 0.41 | cvss 6.3 | epss 0.01

    A vulnerability was determined in jeecgboot JimuReport up to 2.1.2. Affected is an unknown function of the file /drag/onlDragDataSource/testConnection of the component DB2 JDBC Handler. Executing manipulation of the argument clientRerouteServerListJNDIName can lead to…

  • CVE-2025-10770 | Med | Sep 21, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability was found in jeecgboot JimuReport up to 2.1.2. This impacts an unknown function of the file /drag/onlDragDataSource/testConnection of the component MySQL JDBC Handler. Performing manipulation results in deserialization. Remote exploitation of the attack is…

  • CVE-2026-5848 | Med | Apr 9, 2026
    risk 0.31 | cvss 4.7 | epss 0.00

    A vulnerability was found in jeecgboot JimuReport up to 2.3.0. The affected element is the function DriverManager.getConnection of the file /drag/onlDragDataSource/testConnection of the component Data Source Handler. Performing a manipulation of the argument dbUrl results in…

  • CVE-2023-4450 | Aug 21, 2023
    risk 0.07 | cvss - | epss 0.11

    A vulnerability was found in jeecgboot JimuReport up to 1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Template Handler. The manipulation leads to injection. The attack can be launched remotely. The exploit…

  • CVE-2026-36418 | Jun 17, 2026
    risk 0.00 | cvss - | epss 0.00

    JimuReport versions 2.3.4 and below are vulnerable to remote code execution due to improper handling of Aviator expressions. The /jmreport/executeSelectApi endpoint passes user-supplied input directly to the Aviator expression engine without adequate validation allowing…

  • CVE-2025-66913 | Jan 8, 2026
    risk 0.00 | cvss - | epss 0.01

    JimuReport through version 2.1.3 is vulnerable to remote code execution when processing user-controlled H2 JDBC URLs. The application passes the attacker-supplied JDBC URL directly to the H2 driver, allowing the use of certain directives to execute arbitrary Java code. A different…

  • CVE-2025-8963 | Aug 14, 2025
    risk 0.00 | cvss - | epss 0.00

    A vulnerability was determined in jeecgboot JimuReport up to 2.1.1. Affected by this issue is some unknown functionality of the file /drag/onlDragDataSource/testConnection of the component Data Large Screen Template. The manipulation leads to deserialization. The attack may be…

  • CVE-2024-44893 | Sep 10, 2024
    risk 0.00 | cvss - | epss 0.01

    An issue in the component /jeecg-boot/jmreport/dict/list of JimuReport v1.7.8 allows an attacker to escalate privileges via a crafted GET request.

  • CVE-2023-6307 | Nov 27, 2023
    risk 0.00 | cvss - | epss 0.01

    A vulnerability classified as critical was found in jeecgboot JimuReport up to 1.6.1. Affected by this vulnerability is an unknown functionality of the file /download/image. The manipulation of the argument imageUrl leads to relative path traversal. The attack can be launched…