Jeesns
by Jeesns
CVEs (15)
| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2020-19295 | 0.01 | — | 0.09 | Sep 9, 2021 | A reflected cross-site scripting (XSS) vulnerability in the /weibo/topic component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML. |
| CVE-2020-19282 | 0.01 | — | 0.07 | Sep 9, 2021 | A reflected cross-site scripting (XSS) vulnerability in Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field. |
| CVE-2022-38550 | 0.00 | — | 0.00 | Sep 19, 2022 | A stored cross-site scripting (XSS) vulnerability in the /weibo/list component of Jeesns v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| CVE-2020-19294 | 0.00 | — | 0.00 | Sep 9, 2021 | A stored cross-site scripting (XSS) vulnerability in the /article/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the article comments section. |
| CVE-2020-19292 | 0.00 | — | 0.00 | Sep 9, 2021 | A stored cross-site scripting (XSS) vulnerability in the /question/ask component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted question. |
| CVE-2020-19289 | 0.00 | — | 0.00 | Sep 9, 2021 | A stored cross-site scripting (XSS) vulnerability in the /member/picture/album component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the new album tab. |
| CVE-2020-19290 | 0.00 | — | 0.00 | Sep 9, 2021 | A stored cross-site scripting (XSS) vulnerability in the /weibo/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Weibo comment section. |
| CVE-2020-19288 | 0.00 | — | 0.00 | Sep 9, 2021 | A stored cross-site scripting (XSS) vulnerability in the /localhost/u component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a private message. |
| CVE-2020-19287 | 0.00 | — | 0.00 | Sep 9, 2021 | A stored cross-site scripting (XSS) vulnerability in the /group/post component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title. |
| CVE-2020-19286 | 0.00 | — | 0.00 | Sep 9, 2021 | A stored cross-site scripting (XSS) vulnerability in the /question/detail component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the source field of the editor. |
| CVE-2020-19284 | 0.00 | — | 0.00 | Sep 9, 2021 | A stored cross-site scripting (XSS) vulnerability in the /group/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the group comments text field. |
| CVE-2020-19280 | 0.00 | — | 0.01 | Sep 9, 2021 | Jeesns 1.4.2 contains a cross-site request forgery (CSRF) which allows attackers to escalate privileges and perform sensitive program operations. |
| CVE-2018-19178 | 0.00 | — | 0.00 | Nov 11, 2018 | In JEESNS 1.3, com/lxinet/jeesns/core/utils/XssHttpServletRequestWrapper.java allows stored XSS via an HTML EMBED element, a different vulnerability than CVE-2018-17886. |
| CVE-2018-17886 | 0.00 | — | 0.00 | Oct 2, 2018 | An issue was discovered in JEESNS 1.3. The XSS filter in com.lxinet.jeesns.core.utils.XssHttpServletRequestWrapper.java could be bypassed, as demonstrated by a `<svg/onLoad=confirm` substring. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-12429. |
| CVE-2018-12429 | 0.00 | — | 0.00 | Jul 18, 2018 | JEESNS through 1.2.1 allows XSS attacks by ordinary users who publish articles containing a crafted payload in order to capture an administrator cookie. |