RSS   Vulnerabilities for 'Jeecms'   RSS

2018-12-28
 
CVE-2018-20528

CWE-918
 

 
JEECMS 9 has SSRF via the ueditor/getRemoteImage.jspx upfile parameter.

 
2018-11-26
 
CVE-2018-19545

CWE-352
 

 
JEECMS 9.3 has CSRF via the api/admin/role/save URI to add a user.

 
 
CVE-2018-19544

CWE-352
 

 
JEECMS 9.3 has CSRF via the api/admin/content/save URI to add news.

 
2018-11-05
 
CVE-2018-18952

CWE-79
 

 
JEECMS 9.3 has XSS via an index.do#/content/update?type=update URI.

 


Copyright 2019, cxsecurity.com

 

Back to Top