Vendor CVEs
Jeewms
All CVEs
29 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-3026 | | Hig | 0.47 | 7.3 | 0.00 | | Feb 23, 2026 | A vulnerability has been found in erzhongxmu JEEWMS 3.7. Affected by this issue is some unknown functionality of the file /plug-in/ueditor/jsp/getRemoteImage.jsp of the component UEditor. The manipulation of the argument upfile leads to server-side request forgery. The attack… |
| CVE-2026-11458 | | Med | 0.34 | 5.3 | 0.00 | | Jun 7, 2026 | A weakness has been identified in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This issue affects some unknown processing of the file /base-boot/actuator of the component Boot Actuator Endpoint. Executing a manipulation can lead to information disclosure.… |
| CVE-2026-3028 | | Med | 0.28 | 4.3 | 0.00 | | Feb 23, 2026 | A vulnerability was determined in erzhongxmu JEEWMS up to 3.7. This vulnerability affects the function doAdd of the file src/main/java/com/jeecg/demo/controller/JeecgListDemoController.java. This manipulation of the argument Name causes cross site scripting. The attack may be… |
| CVE-2026-3027 | | Med | 0.28 | 4.3 | 0.00 | | Feb 23, 2026 | A vulnerability was found in erzhongxmu JEEWMS up to 3.7. This affects an unknown part of the file src/main/webapp/plug-in/ueditor/jsp/getContent.jsp of the component UEditor. The manipulation of the argument myEditor results in cross site scripting. The attack can be launched… |
| CVE-2025-70311 | | | 0.00 | — | 0.00 | | Feb 3, 2026 | JEEWMS 1.0 is vulnerable to SQL Injection. Attackers can inject malicious SQL statements through the id1 and id2 parameters in the /systemControl.do interface for attack. |
| CVE-2025-60269 | | | 0.00 | — | 0.00 | | Oct 10, 2025 | JEEWMS 20250820 is vulnerable to SQL Injection in the exportXls function located in the src/main/java/org/jeecgframework/web/cgreport/controller/excel/CgExportExcelController.java file. |
| CVE-2025-60268 | | | 0.00 | — | 0.00 | | Oct 10, 2025 | An arbitrary file upload vulnerability exists in JeeWMS 20250820, which is caused by the lack of file checking in the saveFiles function in /jeewms/cgUploadController.do. An attacker with normal privileges was able to upload a malicious file that would lead to remote code… |
| CVE-2025-55834 | | | 0.00 | — | 0.00 | | Sep 16, 2025 | A Cross Site Scripting vulnerability in JeeWMS v.3.7 and before allows a remote attacker to obtain sensitive information via the logController.do component |
| CVE-2024-53499 | | | 0.00 | — | 0.00 | | Aug 22, 2025 | Jeewms v3.7 was discovered to contain a SQL injection vulnerability via the CgReportController API. |
| CVE-2025-50901 | | | 0.00 | — | 0.00 | | Aug 20, 2025 | JeeWMS 771e4f5d0c01ffdeae1671be4cf102b73a3fe644 (2025-05-19) contains incorrect authentication bypass vulnerability, which can lead to arbitrary file reading. |
| CVE-2025-5390 | | | 0.00 | — | 0.00 | | May 31, 2025 | A vulnerability, which was classified as critical, was found in JeeWMS up to 20250504. This affects the function filedeal of the file /systemController/filedeal.do of the component File Handler. The manipulation leads to improper access controls. It is possible to initiate the… |
| CVE-2025-5389 | | | 0.00 | — | 0.00 | | May 31, 2025 | A vulnerability, which was classified as critical, has been found in JeeWMS up to 20250504. Affected by this issue is the function dogenerateOne2Many of the file /generateController.do?dogenerateOne2Many of the component File Handler. The manipulation leads to improper access… |
| CVE-2025-5388 | | | 0.00 | — | 0.00 | | May 31, 2025 | A vulnerability classified as critical was found in JeeWMS up to 20250504. Affected by this vulnerability is the function dogenerate of the file /generateController.do?dogenerate. The manipulation leads to sql injection. The attack can be launched remotely. This product takes… |
| CVE-2025-5387 | | | 0.00 | — | 0.00 | | May 31, 2025 | A vulnerability classified as critical has been found in JeeWMS up to 20250504. Affected is the function dogenerate of the file /generateController.do?dogenerate of the component File Handler. The manipulation leads to improper access controls. It is possible to launch the… |
| CVE-2025-5386 | | | 0.00 | — | 0.00 | | May 31, 2025 | A vulnerability was found in JeeWMS up to 20250504. It has been rated as critical. This issue affects the function transEditor of the file /cgformTransController.do?transEditor. The manipulation leads to sql injection. The attack may be initiated remotely. This product does not… |
| CVE-2025-5385 | | | 0.00 | — | 0.00 | | May 31, 2025 | A vulnerability was found in JeeWMS up to 20250504. It has been declared as critical. This vulnerability affects the function doAdd of the file /cgformTemplateController.do?doAdd. The manipulation leads to path traversal. The attack can be initiated remotely. Continuous delivery… |
| CVE-2025-5384 | | | 0.00 | — | 0.00 | | May 31, 2025 | A vulnerability was found in JeeWMS up to 20250504. It has been classified as critical. This affects the function CgAutoListController of the file /cgAutoListController.do?datagrid. The manipulation leads to sql injection. It is possible to initiate the attack remotely. This… |
| CVE-2025-29213 | | | 0.00 | — | 0.00 | | Apr 15, 2025 | A zip slip vulnerability in the component \service\migrate\MigrateForm.java of JEEWMS v3.7 allows attackers to execute arbitrary code via a crafted Zip file. |
| CVE-2024-57761 | | | 0.00 | — | 0.00 | | Jan 14, 2025 | An arbitrary file upload vulnerability in the parserXML() method of JeeWMS before v2025.01.01 allows attackers to execute arbitrary code via uploading a crafted file. |
| CVE-2024-57760 | | | 0.00 | — | 0.00 | | Jan 14, 2025 | JeeWMS before v2025.01.01 was discovered to contain a SQL injection vulnerability via the ReportId parameter at /core/CGReportDao.java. |
| CVE-2024-57757 | | | 0.00 | — | 0.00 | | Jan 14, 2025 | JeeWMS before v2025.01.01 was discovered to contain a permission bypass in the component /interceptors/AuthInterceptor.cava. |
| CVE-2025-0392 | | | 0.00 | — | 0.01 | | Jan 11, 2025 | A vulnerability, which was classified as critical, was found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. Affected is the function datagridGraph of the file /graphReportController.do. The manipulation of the argument store_code leads to sql injection. It is… |
| CVE-2025-0391 | | | 0.00 | — | 0.01 | | Jan 11, 2025 | A vulnerability, which was classified as critical, has been found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. This issue affects the function saveOrUpdate of the file org/jeecgframework/web/cgform/controller/build/CgFormBuildController.java. The… |
| CVE-2025-0390 | | | 0.00 | — | 0.01 | | Jan 11, 2025 | A vulnerability classified as critical was found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. This vulnerability affects unknown code of the file /wmOmNoticeHController.do. The manipulation leads to path traversal: '../filedir'. The attack can be initiated… |
| CVE-2024-12347 | | | 0.00 | — | 0.01 | | Dec 8, 2024 | A vulnerability was found in Guangzhou Huayi Intelligent Technology Jeewms up to 1.0.0 and classified as critical. This issue affects some unknown processing of the file /jeewms_war/webpage/system/druid/index.html of the component Druid Monitoring Interface. The manipulation… |
| CVE-2024-11961 | | | 0.00 | — | 0.01 | | Nov 28, 2024 | A vulnerability was found in Guangzhou Huayi Intelligent Technology Jeewms 3.7. It has been rated as problematic. This issue affects the function preHandle of the file src/main/java/com/zzjee/wm/controller/WmOmNoticeHController.java. The manipulation of the argument request… |
| CVE-2024-11251 | | | 0.00 | — | 0.01 | | Nov 15, 2024 | A vulnerability was found in erzhongxmu Jeewms up to 20241108. It has been rated as critical. This issue affects some unknown processing of the file cgReportController.do of the component AuthInterceptor. The manipulation of the argument begin_date leads to sql injection. The… |
| CVE-2024-27765 | | | 0.00 | — | 0.01 | | Mar 5, 2024 | Directory Traversal vulnerability in Jeewms v.3.7 and before allows a remote attacker to obtain sensitive information via the cgformTemplateController component. |
| CVE-2024-27764 | | | 0.00 | — | 0.01 | | Mar 5, 2024 | An issue in Jeewms v.3.7 and before allows a remote attacker to escalate privileges via the AuthInterceptor component. |