VYPR
Vendor: Jpress

Products: 1
CVEs: 14
Across products: 14
Status: Private

Recent CVEs (14)

  • CVE-2021-45807 (Critical, Jan 13, 2022)
    risk 0.64, cvss 9.8, epss 0.03

    jpress v4.2.0 is vulnerable to command execution via io.jpress.web.admin._AddonController::doUploadAndInstall.

  • CVE-2024-43033 (High, Aug 22, 2024)
    risk 0.57, cvss 8.8, epss 0.01

    JPress through 5.1.1 on Windows has an arbitrary file upload vulnerability that could cause arbitrary code execution via ::$DATA to AttachmentController, such as a .jsp::$DATA file to io.jpress.web.commons.controller.AttachmentController#upload. NOTE: this is unrelated to the…

  • CVE-2022-23330 (High, Feb 4, 2022)
    risk 0.57, cvss 8.8, epss 0.02

    A remote code execution (RCE) vulnerability in HelloWorldAddonController.java of jpress v4.2.0 allows attackers to execute arbitrary code via a crafted JAR package.

  • CVE-2021-46114 (High, Jan 26, 2022)
    risk 0.57, cvss 8.8, epss 0.02

    jpress v4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code.

  • CVE-2021-45808 (High, Jan 19, 2022)
    risk 0.57, cvss 8.8, epss 0.02

    jpress v4.2.0 allows users to register an account by default. With the account, a user can upload arbitrary files to the server.

  • CVE-2021-45806 (High, Jan 13, 2022)
    risk 0.57, cvss 8.8, epss 0.02

    jpress v4.2.0 admin panel provides a function through which attackers can modify the template and inject some malicious code.

  • CVE-2024-46468 (High, Oct 11, 2024)
    risk 0.49, cvss 7.5, epss 0.00

    A Server-Side Request Forgery (SSRF) vulnerability exists in jpress <= v5.1.1, which can be exploited by an attacker to obtain sensitive information, resulting in an information disclosure.

  • CVE-2021-46118 (High, Jan 26, 2022)
    risk 0.47, cvss 7.2, epss 0.03

    jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.article.kit.ArticleNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code.

  • CVE-2021-46116 (High, Jan 26, 2022)
    risk 0.47, cvss 7.2, epss 0.03

    jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin._TemplateController#doInstall. The admin panel provides a function through which attackers can install templates and inject some malicious code.

  • CVE-2021-46115 (High, Jan 26, 2022)
    risk 0.47, cvss 7.2, epss 0.01

    jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateController#doUploadFile. The admin panel provides a function through which attackers can upload templates and inject some malicious code.

  • CVE-2021-46117 (High, Jan 26, 2022)
    risk 0.47, cvss 7.2, epss 0.03

    jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.page.PageNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code.

  • CVE-2019-6278 (Medium, Jan 14, 2019)
    risk 0.35, cvss 5.4, epss 0.01

    XSS exists in JPress v1.0.4 via Markdown input, or Markdown input with the code input option.

  • CVE-2024-8304 (Medium, Aug 29, 2024)
    risk 0.31, cvss 4.7, epss 0.01

    A vulnerability has been found in jpress up to 5.1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/template/edit of the component Template Module Handler. The manipulation leads to path traversal. The attack can be…

  • CVE-2018-19170 (Medium, Nov 11, 2018)
    risk 0.31, cvss 4.8, epss 0.01

    In JPress v1.0-rc.5, there is stored XSS via each of the first three input fields to the starter-tomcat-1.0/admin/setting URI, as demonstrated by the web_name parameter.