Jeecms

jeecms

Vendor: Jeecms • 5 CVEs

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-20799 1Jeecms 1Jeecms Nov 21, 2024 Sep 30, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 JeeCMS 1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the commentText parameter.
CVE-2018-20528 1Jeecms 1Jeecms Nov 21, 2024 Dec 28, 2018 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 JEECMS 9 has SSRF via the ueditor/getRemoteImage.jspx upfile parameter.
CVE-2018-19545 1Jeecms 1Jeecms Nov 21, 2024 Nov 26, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 JEECMS 9.3 has CSRF via the api/admin/role/save URI to add a user.
CVE-2018-19544 1Jeecms 1Jeecms Nov 21, 2024 Nov 26, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 JEECMS 9.3 has CSRF via the api/admin/content/save URI to add news.
CVE-2018-18952 1Jeecms 1Jeecms Nov 21, 2024 Nov 5, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 JEECMS 9.3 has XSS via an index.do#/content/update?type=update URI.