Jeecms

jeecms

6 CVEs • 2 products

Products (2)

Click to collapse

Toggle

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-21729 1Jeecms 1Jeecms X Nov 21, 2024 Oct 7, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 JEECMS x1.1 contains a stored cross-site scripting (XSS) vulnerability in the component of /member-vipcenter.htm, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2020-20799 1Jeecms 1Jeecms Nov 21, 2024 Sep 30, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 JeeCMS 1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the commentText parameter.
CVE-2018-20528 1Jeecms 1Jeecms Nov 21, 2024 Dec 28, 2018 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 JEECMS 9 has SSRF via the ueditor/getRemoteImage.jspx upfile parameter.
CVE-2018-19545 1Jeecms 1Jeecms Nov 21, 2024 Nov 26, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 JEECMS 9.3 has CSRF via the api/admin/role/save URI to add a user.
CVE-2018-19544 1Jeecms 1Jeecms Nov 21, 2024 Nov 26, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 JEECMS 9.3 has CSRF via the api/admin/content/save URI to add news.
CVE-2018-18952 1Jeecms 1Jeecms Nov 21, 2024 Nov 5, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 JEECMS 9.3 has XSS via an index.do#/content/update?type=update URI.