
CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 2

09 Sep 2021 — A stored cross-site scripting (XSS) vulnerability in the /group/apply component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Name text field. • https://github.com/zchuanzhao/jeesns/issues/14 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 2

09 Sep 2021 — A stored cross-site scripting (XSS) vulnerability in the /question/detail component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the source field of the editor. • https://github.com/zchuanzhao/jeesns/issues/13 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 2

09 Sep 2021 — A stored cross-site scripting (XSS) vulnerability in the /group/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the group comments text field. • https://github.com/zchuanzhao/jeesns/issues/15 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 2

09 Sep 2021 — A reflected cross-site scripting (XSS) vulnerability in the /newVersion component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML. • https://github.com/zchuanzhao/jeesns/issues/10 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 2

09 Sep 2021 — A reflected cross-site scripting (XSS) vulnerability in Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field. • https://github.com/zchuanzhao/jeesns/issues/11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 2

09 Sep 2021 — A stored cross-site scripting (XSS) vulnerability in the /manage/loginusername component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username field. • https://github.com/zchuanzhao/jeesns/issues/12 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 2

09 Sep 2021 — Jeesns 1.4.2 contains a cross-site request forgery (CSRF) which allows attackers to escalate privileges and perform sensitive program operations. • https://github.com/zchuanzhao/jeesns/issues/9 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

29 Apr 2021 — Cross Site Scripting (XSS) in Jeesns v1.4.2 allows remote attackers to execute arbitrary code by injecting commands into the "CKEditorFuncNum" parameter in the component "CkeditorUploadController.java". • https://github.com/zchuanzhao/jeesns/issues/8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 1

11 Nov 2018 — In JEESNS 1.3, com/lxinet/jeesns/core/utils/XssHttpServletRequestWrapper.java allows stored XSS via an HTML EMBED element, a different vulnerability than CVE-2018-17886. • https://github.com/zchuanzhao/jeesns/issues/6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 1

02 Oct 2018 — An issue was discovered in JEESNS 1.3. The XSS filter in com.lxinet.jeesns.core.utils.XssHttpServletRequestWrapper.java could be bypassed, as demonstrated by a <svg/onLoad=confirm substring. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-12429. • https://github.com/Jayl1n/CVE/blob/master/jeesns/jeesns-1.3-xss-filter-bypass.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')