CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 2

09 Sep 2021 — A stored cross-site scripting (XSS) vulnerability in the /question/detail component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the source field of the editor. • https://github.com/zchuanzhao/jeesns/issues/13 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 2

09 Sep 2021 — A stored cross-site scripting (XSS) vulnerability in the /group/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the group comments text field. • https://github.com/zchuanzhao/jeesns/issues/15 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 2

09 Sep 2021 — A reflected cross-site scripting (XSS) vulnerability in the /newVersion component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML. • https://github.com/zchuanzhao/jeesns/issues/10 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 2

09 Sep 2021 — A reflected cross-site scripting (XSS) vulnerability in Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field. • https://github.com/zchuanzhao/jeesns/issues/11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 2

09 Sep 2021 — A stored cross-site scripting (XSS) vulnerability in the /manage/loginusername component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username field. • https://github.com/zchuanzhao/jeesns/issues/12 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

09 Sep 2021 — Jeesns 1.4.2 contains a cross-site request forgery (CSRF) which allows attackers to escalate privileges and perform sensitive program operations. • https://github.com/zchuanzhao/jeesns/issues/9 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Apr 2021 — Cross Site Scripting (XSS) in Jeesns v1.4.2 allows remote attackers to execute arbitrary code by injecting commands into the "CKEditorFuncNum" parameter in the component "CkeditorUploadController.java". • https://github.com/zchuanzhao/jeesns/issues/8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')