Vulnerabilities for 'Jeesns'

2018-11-11
 
CVE-2018-19178

CWE-79
 

 
In JEESNS 1.3, com/lxinet/jeesns/core/utils/XssHttpServletRequestWrapper.java allows stored XSS via an HTML EMBED element, a different vulnerability than CVE-2018-17886.

 
2018-10-02
 
CVE-2018-17886

CWE-79
 

 
An issue was discovered in JEESNS 1.3. The XSS filter in com.lxinet.jeesns.core.utils.XssHttpServletRequestWrapper.java could be bypassed, as demonstrated by a <svg/onLoad=confirm substring. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-12429.

 
2018-07-18
 
CVE-2018-12429

CWE-79
 

 
JEESNS through 1.2.1 allows XSS attacks by ordinary users who publish articles containing a crafted payload in order to capture an administrator cookie.

 


Copyright 2019, cxsecurity.com

 
