) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:jeesns:jeesns:1.4.2:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2020-19295 |
A reflected cross-site scripting (XSS) vulnerability in the /weibo/topic component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML. Published: September 09, 2021; 7:15:10 PM -0400 |
V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2020-19294 |
A stored cross-site scripting (XSS) vulnerability in the /article/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the article comments section. Published: September 09, 2021; 7:15:10 PM -0400 |
V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2020-19293 |
A stored cross-site scripting (XSS) vulnerability in the /article/add component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted article. Published: September 09, 2021; 7:15:09 PM -0400 |
V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2020-19292 |
A stored cross-site scripting (XSS) vulnerability in the /question/ask component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted question. Published: September 09, 2021; 7:15:09 PM -0400 |
V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2020-19291 |
A stored cross-site scripting (XSS) vulnerability in the /weibo/publishdata component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted Weibo. Published: September 09, 2021; 7:15:09 PM -0400 |
V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2020-19290 |
A stored cross-site scripting (XSS) vulnerability in the /weibo/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Weibo comment section. Published: September 09, 2021; 7:15:09 PM -0400 |
V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2020-19289 |
A stored cross-site scripting (XSS) vulnerability in the /member/picture/album component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the new album tab. Published: September 09, 2021; 7:15:09 PM -0400 |
V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2020-19288 |
A stored cross-site scripting (XSS) vulnerability in the /localhost/u component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a private message. Published: September 09, 2021; 7:15:09 PM -0400 |
V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2020-19287 |
A stored cross-site scripting (XSS) vulnerability in the /group/post component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title. Published: September 09, 2021; 7:15:09 PM -0400 |
V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2020-19286 |
A stored cross-site scripting (XSS) vulnerability in the /question/detail component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the source field of the editor. Published: September 09, 2021; 7:15:09 PM -0400 |
V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2020-19285 |
A stored cross-site scripting (XSS) vulnerability in the /group/apply component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Name text field. Published: September 09, 2021; 7:15:09 PM -0400 |
V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2020-19284 |
A stored cross-site scripting (XSS) vulnerability in the /group/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the group comments text field. Published: September 09, 2021; 7:15:09 PM -0400 |
V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2020-19283 |
A reflected cross-site scripting (XSS) vulnerability in the /newVersion component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML. Published: September 09, 2021; 7:15:09 PM -0400 |
V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2020-19282 |
A reflected cross-site scripting (XSS) vulnerability in Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field. Published: September 09, 2021; 7:15:09 PM -0400 |
V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2020-19281 |
A stored cross-site scripting (XSS) vulnerability in the /manage/loginusername component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username field. Published: September 09, 2021; 7:15:09 PM -0400 |
V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2020-19280 |
Jeesns 1.4.2 contains a cross-site request forgery (CSRF) which allows attackers to escalate privileges and perform sensitive program operations. Published: September 09, 2021; 7:15:07 PM -0400 |
V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2020-18035 |
Cross Site Scripting (XSS) in Jeesns v1.4.2 allows remote attackers to execute arbitrary code by injecting commands into the "CKEditorFuncNum" parameter in the component "CkeditorUploadController.java". Published: April 29, 2021; 7:15:07 PM -0400 |
V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |