Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:jeesns:jeesns:1.3:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2018-19178 |
In JEESNS 1.3, com/lxinet/jeesns/core/utils/XssHttpServletRequestWrapper.java allows stored XSS via an HTML EMBED element, a different vulnerability than CVE-2018-17886. Published: November 11, 2018; 11:29:00 AM -0500 |
V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-17886 |
An issue was discovered in JEESNS 1.3. The XSS filter in com.lxinet.jeesns.core.utils.XssHttpServletRequestWrapper.java could be bypassed, as demonstrated by a <svg/onLoad=confirm substring. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-12429. Published: October 02, 2018; 2:29:02 PM -0400 |
V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |