Jeesns

jeesns

Vendor: Jeesns • 21 CVEs

CVEs (21)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-38550 1Jeesns 1Jeesns Jun 17, 2026 Sep 19, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A stored cross-site scripting (XSS) vulnerability in the /weibo/list component of Jeesns v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2020-19295 1Jeesns 1Jeesns Jun 17, 2026 Sep 9, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A reflected cross-site scripting (XSS) vulnerability in the /weibo/topic component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML.
CVE-2020-19294 1Jeesns 1Jeesns Jun 17, 2026 Sep 9, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 A stored cross-site scripting (XSS) vulnerability in the /article/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the article comments section.
CVE-2020-19293 1Jeesns 1Jeesns Jun 17, 2026 Sep 9, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 A stored cross-site scripting (XSS) vulnerability in the /article/add component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted article.
CVE-2020-19292 1Jeesns 1Jeesns Jun 17, 2026 Sep 9, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 A stored cross-site scripting (XSS) vulnerability in the /question/ask component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted question.
CVE-2020-19291 1Jeesns 1Jeesns Jun 17, 2026 Sep 9, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 A stored cross-site scripting (XSS) vulnerability in the /weibo/publishdata component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted Weibo.
CVE-2020-19290 1Jeesns 1Jeesns Jun 17, 2026 Sep 9, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 A stored cross-site scripting (XSS) vulnerability in the /weibo/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Weibo comment section.
CVE-2020-19289 1Jeesns 1Jeesns Jun 17, 2026 Sep 9, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 A stored cross-site scripting (XSS) vulnerability in the /member/picture/album component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the new album tab.
CVE-2020-19288 1Jeesns 1Jeesns Jun 17, 2026 Sep 9, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 A stored cross-site scripting (XSS) vulnerability in the /localhost/u component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a private message.
CVE-2020-19287 1Jeesns 1Jeesns Jun 17, 2026 Sep 9, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 A stored cross-site scripting (XSS) vulnerability in the /group/post component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title.
CVE-2020-19286 1Jeesns 1Jeesns Jun 17, 2026 Sep 9, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 A stored cross-site scripting (XSS) vulnerability in the /question/detail component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the source field of the editor.
CVE-2020-19285 1Jeesns 1Jeesns Jun 17, 2026 Sep 9, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 A stored cross-site scripting (XSS) vulnerability in the /group/apply component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Name text field.
CVE-2020-19284 1Jeesns 1Jeesns Jun 17, 2026 Sep 9, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 A stored cross-site scripting (XSS) vulnerability in the /group/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the group comments text field.
CVE-2020-19283 1Jeesns 1Jeesns Jun 17, 2026 Sep 9, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A reflected cross-site scripting (XSS) vulnerability in the /newVersion component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML.
CVE-2020-19282 1Jeesns 1Jeesns Jun 17, 2026 Sep 9, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A reflected cross-site scripting (XSS) vulnerability in Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field.
CVE-2020-19281 1Jeesns 1Jeesns Jun 17, 2026 Sep 9, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 A stored cross-site scripting (XSS) vulnerability in the /manage/loginusername component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username field.
CVE-2020-19280 1Jeesns 1Jeesns Jun 17, 2026 Sep 9, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Jeesns 1.4.2 contains a cross-site request forgery (CSRF) which allows attackers to escalate privileges and perform sensitive program operations.
CVE-2020-18035 1Jeesns 1Jeesns Jun 17, 2026 Apr 29, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross Site Scripting (XSS) in Jeesns v1.4.2 allows remote attackers to execute arbitrary code by injecting commands into the "CKEditorFuncNum" parameter in the component "CkeditorUploadController.java".
CVE-2018-19178 1Jeesns 1Jeesns Nov 21, 2024 Nov 11, 2018 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 In JEESNS 1.3, com/lxinet/jeesns/core/utils/XssHttpServletRequestWrapper.java allows stored XSS via an HTML EMBED element, a different vulnerability than CVE-2018-17886.
CVE-2018-17886 1Jeesns 1Jeesns Nov 21, 2024 Oct 2, 2018 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 An issue was discovered in JEESNS 1.3. The XSS filter in com.lxinet.jeesns.core.utils.XssHttpServletRequestWrapper.java could be bypassed, as demonstrated by a <svg/onLoad=confirm substring. NOTE: this vulnerability exis...Show more An issue was discovered in JEESNS 1.3. The XSS filter in com.lxinet.jeesns.core.utils.XssHttpServletRequestWrapper.java could be bypassed, as demonstrated by a <svg/onLoad=confirm substring. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-12429.Show less

12 Next