Jeewms

Jeewms

20 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2026-3027

Exploit
  • EPSS 0.04%
  • Veröffentlicht 23.02.2026 21:19:12
  • Zuletzt bearbeitet 24.02.2026 20:03:17

A vulnerability was found in erzhongxmu JEEWMS up to 3.7. This affects an unknown part of the file src/main/webapp/plug-in/ueditor/jsp/getContent.jsp of the component UEditor. The manipulation of the argument myEditor results in cross site scripting....

7.3

CVE-2026-3026

Exploit
  • EPSS 0.05%
  • Veröffentlicht 23.02.2026 20:02:09
  • Zuletzt bearbeitet 24.02.2026 20:09:12

A vulnerability has been found in erzhongxmu JEEWMS 3.7. Affected by this issue is some unknown functionality of the file /plug-in/ueditor/jsp/getRemoteImage.jsp of the component UEditor. The manipulation of the argument upfile leads to server-side r...

6.5

CVE-2025-70311

  • EPSS 0.02%
  • Veröffentlicht 03.02.2026 00:00:00
  • Zuletzt bearbeitet 18.02.2026 16:24:07

JEEWMS 1.0 is vulnerable to SQL Injection. Attackers can inject malicious SQL statements through the id1 and id2 parameters in the /systemControl.do interface for attack.

6.5

CVE-2025-60268

Exploit
  • EPSS 0.19%
  • Veröffentlicht 10.10.2025 00:00:00
  • Zuletzt bearbeitet 16.10.2025 15:39:43

An arbitrary file upload vulnerability exists in JeeWMS 20250820, which is caused by the lack of file checking in the saveFiles function in /jeewms/cgUploadController.do. An attacker with normal privileges was able to upload a malicious file that wou...

9.4

CVE-2025-60269

Exploit
  • EPSS 0.06%
  • Veröffentlicht 10.10.2025 00:00:00
  • Zuletzt bearbeitet 16.10.2025 15:40:08

JEEWMS 20250820 is vulnerable to SQL Injection in the exportXls function located in the src/main/java/org/jeecgframework/web/cgreport/controller/excel/CgExportExcelController.java file.

6.1

CVE-2025-55834

Exploit
  • EPSS 0.04%
  • Veröffentlicht 16.09.2025 00:00:00
  • Zuletzt bearbeitet 20.09.2025 03:02:12

A Cross Site Scripting vulnerability in JeeWMS v.3.7 and before allows a remote attacker to obtain sensitive information via the logController.do component

9.8

CVE-2024-53499

Exploit
  • EPSS 0.04%
  • Veröffentlicht 22.08.2025 00:00:00
  • Zuletzt bearbeitet 09.09.2025 19:12:21

Jeewms v3.7 was discovered to contain a SQL injection vulnerability via the CgReportController API.

9.8

CVE-2025-50901

Exploit
  • EPSS 0.12%
  • Veröffentlicht 20.08.2025 00:00:00
  • Zuletzt bearbeitet 11.09.2025 19:18:46

JeeWMS 771e4f5d0c01ffdeae1671be4cf102b73a3fe644 (2025-05-19) contains incorrect authentication bypass vulnerability, which can lead to arbitrary file reading.

9.8

CVE-2025-5390

  • EPSS 0.06%
  • Veröffentlicht 31.05.2025 19:00:08
  • Zuletzt bearbeitet 11.09.2025 20:43:35

A vulnerability, which was classified as critical, was found in JeeWMS up to 20250504. This affects the function filedeal of the file /systemController/filedeal.do of the component File Handler. The manipulation leads to improper access controls. It ...

9.8

CVE-2025-5389

  • EPSS 0.06%
  • Veröffentlicht 31.05.2025 18:31:06
  • Zuletzt bearbeitet 11.09.2025 20:43:38

A vulnerability, which was classified as critical, has been found in JeeWMS up to 20250504. Affected by this issue is the function dogenerateOne2Many of the file /generateController.do?dogenerateOne2Many of the component File Handler. The manipulatio...