Jeewms
by Jeewms
CVEs (29)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-3026 | | High | 0.47 | 7.3 | 0.00 | | Feb 23, 2026 | A vulnerability has been found in erzhongxmu JEEWMS 3.7. Affected by this issue is some unknown functionality of the file /plug-in/ueditor/jsp/getRemoteImage.jsp of the component UEditor. The manipulation of the argument upfile leads to server-side request forgery. The attack… |
| CVE-2026-11458 | | Med | 0.34 | 5.3 | 0.00 | | Jun 7, 2026 | A weakness has been identified in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This issue affects some unknown processing of the file /base-boot/actuator of the component Boot Actuator Endpoint. Executing a manipulation can lead to information disclosure.… |
| CVE-2026-3028 | | Med | 0.28 | 4.3 | 0.00 | | Feb 23, 2026 | A vulnerability was determined in erzhongxmu JEEWMS up to 3.7. This vulnerability affects the function doAdd of the file src/main/java/com/jeecg/demo/controller/JeecgListDemoController.java. This manipulation of the argument Name causes cross site scripting. The attack may be… |
| CVE-2026-3027 | | Med | 0.28 | 4.3 | 0.00 | | Feb 23, 2026 | A vulnerability was found in erzhongxmu JEEWMS up to 3.7. This affects an unknown part of the file src/main/webapp/plug-in/ueditor/jsp/getContent.jsp of the component UEditor. The manipulation of the argument myEditor results in cross site scripting. The attack can be launched… |
| CVE-2025-70311 | | | 0.00 | — | 0.00 | | Feb 3, 2026 | JEEWMS 1.0 is vulnerable to SQL Injection. Attackers can inject malicious SQL statements through the id1 and id2 parameters in the /systemControl.do interface for attack. |
| CVE-2025-60269 | | | 0.00 | — | 0.00 | | Oct 10, 2025 | JEEWMS 20250820 is vulnerable to SQL Injection in the exportXls function located in the src/main/java/org/jeecgframework/web/cgreport/controller/excel/CgExportExcelController.java file. |
| CVE-2025-60268 | | | 0.00 | — | 0.00 | | Oct 10, 2025 | An arbitrary file upload vulnerability exists in JeeWMS 20250820, which is caused by the lack of file checking in the saveFiles function in /jeewms/cgUploadController.do. An attacker with normal privileges was able to upload a malicious file that would lead to remote code… |
| CVE-2025-55834 | | | 0.00 | — | 0.00 | | Sep 16, 2025 | A Cross Site Scripting vulnerability in JeeWMS v.3.7 and before allows a remote attacker to obtain sensitive information via the logController.do component |
| CVE-2024-53499 | | | 0.00 | — | 0.00 | | Aug 22, 2025 | Jeewms v3.7 was discovered to contain a SQL injection vulnerability via the CgReportController API. |
| CVE-2025-50901 | | | 0.00 | — | 0.00 | | Aug 20, 2025 | JeeWMS 771e4f5d0c01ffdeae1671be4cf102b73a3fe644 (2025-05-19) contains incorrect authentication bypass vulnerability, which can lead to arbitrary file reading. |
| CVE-2025-5390 | | | 0.00 | — | 0.00 | | May 31, 2025 | A vulnerability, which was classified as critical, was found in JeeWMS up to 20250504. This affects the function filedeal of the file /systemController/filedeal.do of the component File Handler. The manipulation leads to improper access controls. It is possible to initiate the… |
| CVE-2025-5389 | | | 0.00 | — | 0.00 | | May 31, 2025 | A vulnerability, which was classified as critical, has been found in JeeWMS up to 20250504. Affected by this issue is the function dogenerateOne2Many of the file /generateController.do?dogenerateOne2Many of the component File Handler. The manipulation leads to improper access… |
| CVE-2025-5388 | | | 0.00 | — | 0.00 | | May 31, 2025 | A vulnerability classified as critical was found in JeeWMS up to 20250504. Affected by this vulnerability is the function dogenerate of the file /generateController.do?dogenerate. The manipulation leads to sql injection. The attack can be launched remotely. This product takes… |
| CVE-2025-5387 | | | 0.00 | — | 0.00 | | May 31, 2025 | A vulnerability classified as critical has been found in JeeWMS up to 20250504. Affected is the function dogenerate of the file /generateController.do?dogenerate of the component File Handler. The manipulation leads to improper access controls. It is possible to launch the… |
| CVE-2025-5386 | | | 0.00 | — | 0.00 | | May 31, 2025 | A vulnerability was found in JeeWMS up to 20250504. It has been rated as critical. This issue affects the function transEditor of the file /cgformTransController.do?transEditor. The manipulation leads to sql injection. The attack may be initiated remotely. This product does not… |
| CVE-2025-5385 | | | 0.00 | — | 0.00 | | May 31, 2025 | A vulnerability was found in JeeWMS up to 20250504. It has been declared as critical. This vulnerability affects the function doAdd of the file /cgformTemplateController.do?doAdd. The manipulation leads to path traversal. The attack can be initiated remotely. Continuous delivery… |
| CVE-2025-5384 | | | 0.00 | — | 0.00 | | May 31, 2025 | A vulnerability was found in JeeWMS up to 20250504. It has been classified as critical. This affects the function CgAutoListController of the file /cgAutoListController.do?datagrid. The manipulation leads to sql injection. It is possible to initiate the attack remotely. This… |
| CVE-2025-29213 | | | 0.00 | — | 0.00 | | Apr 15, 2025 | A zip slip vulnerability in the component \service\migrate\MigrateForm.java of JEEWMS v3.7 allows attackers to execute arbitrary code via a crafted Zip file. |
| CVE-2024-57761 | | | 0.00 | — | 0.00 | | Jan 14, 2025 | An arbitrary file upload vulnerability in the parserXML() method of JeeWMS before v2025.01.01 allows attackers to execute arbitrary code via uploading a crafted file. |
| CVE-2024-57760 | | | 0.00 | — | 0.00 | | Jan 14, 2025 | JeeWMS before v2025.01.01 was discovered to contain a SQL injection vulnerability via the ReportId parameter at /core/CGReportDao.java. |
Page 1 of 2