lxinet/jeesns

GitHub

github.com

www.jeesns.cn

Releases3

Frequency6 months 2 weeks

Last Release about 6 years ago

Stars424

JEESNS是一款基于JAVA企业级平台研发的社交管理系统，依托企业级JAVA的高效、安全、稳定等优势，开创国内JAVA版开源SNS先河。交流QQ群：280062708。

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-19294 ↗	Sep 9, 2021Thursday, 9 September 2021, 23:15	5.4 MEDIUM	3.5 LOW
A stored cross-site scripting (XSS) vulnerability in the /article/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the article comments section.
CVE-2020-19295 ↗	Sep 9, 2021Thursday, 9 September 2021, 23:15	6.1 MEDIUM	4.3 MEDIUM
A reflected cross-site scripting (XSS) vulnerability in the /weibo/topic component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML.
CVE-2020-19286 ↗	Sep 9, 2021Thursday, 9 September 2021, 23:15	5.4 MEDIUM	3.5 LOW
A stored cross-site scripting (XSS) vulnerability in the /question/detail component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the source field of the editor.
CVE-2020-19287 ↗	Sep 9, 2021Thursday, 9 September 2021, 23:15	5.4 MEDIUM	3.5 LOW
A stored cross-site scripting (XSS) vulnerability in the /group/post component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title.
CVE-2020-19282 ↗	Sep 9, 2021Thursday, 9 September 2021, 23:15	6.1 MEDIUM	4.3 MEDIUM
A reflected cross-site scripting (XSS) vulnerability in Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field.
CVE-2020-19283 ↗	Sep 9, 2021Thursday, 9 September 2021, 23:15	6.1 MEDIUM	4.3 MEDIUM
A reflected cross-site scripting (XSS) vulnerability in the /newVersion component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML.
CVE-2020-19284 ↗	Sep 9, 2021Thursday, 9 September 2021, 23:15	5.4 MEDIUM	3.5 LOW
A stored cross-site scripting (XSS) vulnerability in the /group/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the group comments text field.
CVE-2020-19285 ↗	Sep 9, 2021Thursday, 9 September 2021, 23:15	5.4 MEDIUM	3.5 LOW
A stored cross-site scripting (XSS) vulnerability in the /group/apply component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Name text field.
CVE-2020-19293 ↗	Sep 9, 2021Thursday, 9 September 2021, 23:15	5.4 MEDIUM	3.5 LOW
A stored cross-site scripting (XSS) vulnerability in the /article/add component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted article.
CVE-2020-19281 ↗	Sep 9, 2021Thursday, 9 September 2021, 23:15	5.4 MEDIUM	3.5 LOW
A stored cross-site scripting (XSS) vulnerability in the /manage/loginusername component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username field.
CVE-2020-19288 ↗	Sep 9, 2021Thursday, 9 September 2021, 23:15	5.4 MEDIUM	3.5 LOW
A stored cross-site scripting (XSS) vulnerability in the /localhost/u component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a private message.
CVE-2020-19289 ↗	Sep 9, 2021Thursday, 9 September 2021, 23:15	5.4 MEDIUM	3.5 LOW
A stored cross-site scripting (XSS) vulnerability in the /member/picture/album component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the new album tab.
CVE-2020-19290 ↗	Sep 9, 2021Thursday, 9 September 2021, 23:15	5.4 MEDIUM	3.5 LOW
A stored cross-site scripting (XSS) vulnerability in the /weibo/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Weibo comment section.
CVE-2020-19291 ↗	Sep 9, 2021Thursday, 9 September 2021, 23:15	5.4 MEDIUM	3.5 LOW
A stored cross-site scripting (XSS) vulnerability in the /weibo/publishdata component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted Weibo.
CVE-2020-19292 ↗	Sep 9, 2021Thursday, 9 September 2021, 23:15	5.4 MEDIUM	3.5 LOW
A stored cross-site scripting (XSS) vulnerability in the /question/ask component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted question.
CVE-2020-19280 ↗	Sep 9, 2021Thursday, 9 September 2021, 23:15	8.8 HIGH	6.8 MEDIUM
Jeesns 1.4.2 contains a cross-site request forgery (CSRF) which allows attackers to escalate privileges and perform sensitive program operations.
CVE-2020-18035 ↗	Apr 29, 2021Thursday, 29 April 2021, 23:15	6.1 MEDIUM	4.3 MEDIUM
Cross Site Scripting (XSS) in Jeesns v1.4.2 allows remote attackers to execute arbitrary code by injecting commands into the "CKEditorFuncNum" parameter in the component "CkeditorUploadController.java".
CVE-2018-19178 ↗	Nov 11, 2018Sunday, 11 November 2018, 16:29	—	3.5 LOW
In JEESNS 1.3, com/lxinet/jeesns/core/utils/XssHttpServletRequestWrapper.java allows stored XSS via an HTML EMBED element, a different vulnerability than CVE-2018-17886.