
    12 vulnerabilities by erzhongxmu

    CVE-2026-11458 (GCVE-0-2026-11458)

    Vulnerability from nvd – Published: 2026-06-07 08:00 – Updated: 2026-06-08 16:33
    Title
    erzhongxmu JeeWMS Boot Actuator Endpoint actuator information disclosure
    Summary
    A weakness has been identified in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. The issue affects unspecified processing of the path /base-boot/actuator in the Boot Actuator Endpoint component, where a manipulation can lead to information disclosure. The attack can be executed remotely; the CVSS vectors in the record below rate it as requiring no privileges and no user interaction (PR:N/UI:N). An exploit has been made publicly available and could be used for attacks. The product follows a rolling-release model, so version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE: CWE-200 (Information Disclosure), CWE-284 (Improper Access Controls)
    Assigner: VulDB
    References
    URL Tags
    https://vuldb.com/vuln/369077 vdb-entry
    https://vuldb.com/vuln/369077/cti signature, permissions-required
    https://vuldb.com/cve/CVE-2026-11458 third-party-advisory
    https://vuldb.com/submit/828538 third-party-advisory
    https://github.com/0d000721999/evc1/issues/2 exploit, issue-tracking
    Impacted products
    Vendor Product Version
    erzhongxmu JeeWMS Affected: 141740afb2ba14d441c82a833d0a418d07ca2d69
        cpe:2.3:a:jeewms:jeewms:*:*:*:*:*:*:*:*
    Credits
    0d00 (VulDB User) VulDB CNA Team

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11458",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-08T14:15:31.630834Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-08T16:33:24.228Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:jeewms:jeewms:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Boot Actuator Endpoint"
              ],
              "product": "JeeWMS",
              "vendor": "erzhongxmu",
              "versions": [
                {
                  "status": "affected",
                  "version": "141740afb2ba14d441c82a833d0a418d07ca2d69"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "0d00 (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This issue affects some unknown processing of the file /base-boot/actuator of the component Boot Actuator Endpoint. Executing a manipulation can lead to information disclosure. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-07T08:00:10.756Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-369077 | erzhongxmu JeeWMS Boot Actuator Endpoint actuator information disclosure",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/vuln/369077"
            },
            {
              "name": "VDB-369077 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/369077/cti"
            },
            {
              "name": "CVE-2026-11458 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-11458"
            },
            {
              "name": "Submit #828538 | \u5e7f\u5dde\u534e\u58f9\u667a\u80fd\u79d1\u6280\u6709\u9650\u516c\u53f8 JEEWMS latest Unauthorized Sensitive Information Disclosure",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/828538"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/0d000721999/evc1/issues/2"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-06T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-06T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-06T18:07:17.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "erzhongxmu JeeWMS Boot Actuator Endpoint actuator information disclosure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-11458",
        "datePublished": "2026-06-07T08:00:10.756Z",
        "dateReserved": "2026-06-06T16:02:06.216Z",
        "dateUpdated": "2026-06-08T16:33:24.228Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11457 (GCVE-0-2026-11457)

    Vulnerability from nvd – Published: 2026-06-07 07:45 – Updated: 2026-06-09 14:37
    Title
    erzhongxmu JeeWMS JimuReport test-connection Endpoint testConnection injection
    Summary
    A security flaw has been discovered in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. The vulnerability affects unspecified code behind the path /base-boot/jmreport/testConnection in the JimuReport test-connection Endpoint component. Manipulating the arguments dbType/dbDriver/dbUrl/dbUsername/dbPassword results in injection. The attack can be carried out remotely; the CVSS vectors in the record below rate it as requiring no privileges and no user interaction (PR:N/UI:N). An exploit has been released publicly and may be used for attacks. The record classifies the flaw generically (CWE-74, CWE-707) with low impact on confidentiality, integrity and availability, whereas the referenced VulDB submission is titled "RCE", so the stated impact may be understated and should be verified during triage. The product follows a rolling-release approach, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE: CWE-74 (Injection), CWE-707 (Improper Neutralization)
    Assigner: VulDB
    References
    URL Tags
    https://vuldb.com/vuln/369076 vdb-entry, technical-description
    https://vuldb.com/vuln/369076/cti signature, permissions-required
    https://vuldb.com/cve/CVE-2026-11457 third-party-advisory
    https://vuldb.com/submit/828509 third-party-advisory
    https://github.com/0d000721999/evc1/issues/1 exploit, issue-tracking
    Impacted products
    Vendor Product Version
    erzhongxmu JeeWMS Affected: 141740afb2ba14d441c82a833d0a418d07ca2d69
        cpe:2.3:a:jeewms:jeewms:*:*:*:*:*:*:*:*
    Credits
    0d00 (VulDB User) VulDB CNA Team

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11457",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T14:36:45.875634Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T14:37:29.756Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:jeewms:jeewms:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "JimuReport test-connection Endpoint"
              ],
              "product": "JeeWMS",
              "vendor": "erzhongxmu",
              "versions": [
                {
                  "status": "affected",
                  "version": "141740afb2ba14d441c82a833d0a418d07ca2d69"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "0d00 (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This vulnerability affects unknown code of the file /base-boot/jmreport/testConnection of the component JimuReport test-connection Endpoint. Performing a manipulation of the argument dbType/dbDriver/dbUrl/dbUsername/dbPassword results in injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-707",
                  "description": "Improper Neutralization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-07T07:45:07.255Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-369076 | erzhongxmu JeeWMS JimuReport test-connection Endpoint testConnection injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/369076"
            },
            {
              "name": "VDB-369076 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/369076/cti"
            },
            {
              "name": "CVE-2026-11457 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-11457"
            },
            {
              "name": "Submit #828509 | \u5e7f\u5dde\u534e\u58f9\u667a\u80fd\u79d1\u6280\u6709\u9650\u516c\u53f8 JeeWMS latest RCE",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/828509"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/0d000721999/evc1/issues/1"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-06T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-06T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-06T18:07:14.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "erzhongxmu JeeWMS JimuReport test-connection Endpoint testConnection injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-11457",
        "datePublished": "2026-06-07T07:45:07.255Z",
        "dateReserved": "2026-06-06T16:02:03.321Z",
        "dateUpdated": "2026-06-09T14:37:29.756Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3028 (GCVE-0-2026-3028)

    Vulnerability from nvd – Published: 2026-02-23 21:32 – Updated: 2026-02-25 15:28
    Title
    erzhongxmu JEEWMS JeecgListDemoController.java doAdd cross site scripting
    Summary
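    A vulnerability was determined in erzhongxmu JEEWMS up to 3.7. It affects the function doAdd in the file src/main/java/com/jeecg/demo/controller/JeecgListDemoController.java. Manipulating the argument Name causes cross-site scripting. The attack may be initiated remotely. The exploit has been publicly disclosed and may be used. Note that the references in the record below are inconsistent about the variant: the VulDB submission is titled "Reflected XSS", while the linked exploit write-up is titled as a stored XSS in SysModule, so the affected code path should be confirmed during triage. The vendor was contacted early about this disclosure but did not respond in any way.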
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE: CWE-79 (Cross Site Scripting), CWE-94 (Code Injection)
    Assigner: VulDB
    References
    URL Tags
    https://vuldb.com/?id.347384 vdb-entry, technical-description
    https://vuldb.com/?ctiid.347384 signature, permissions-required
    https://vuldb.com/?submit.756527 third-party-advisory
    https://www.notion.so/JEEWMS-Stored-Cross-Site-Sc… exploit
    Impacted products
    Vendor Product Version
    erzhongxmu JEEWMS Affected: 3.0
    Affected: 3.1
    Affected: 3.2
    Affected: 3.3
    Affected: 3.4
    Affected: 3.5
    Affected: 3.6
    Affected: 3.7
        cpe:2.3:a:jeewms:jeewms:*:*:*:*:*:*:*:*
    Credits
    din4 (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3028",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-25T15:27:33.709385Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-25T15:28:13.880Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:jeewms:jeewms:*:*:*:*:*:*:*:*"
              ],
              "product": "JEEWMS",
              "vendor": "erzhongxmu",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0"
                },
                {
                  "status": "affected",
                  "version": "3.1"
                },
                {
                  "status": "affected",
                  "version": "3.2"
                },
                {
                  "status": "affected",
                  "version": "3.3"
                },
                {
                  "status": "affected",
                  "version": "3.4"
                },
                {
                  "status": "affected",
                  "version": "3.5"
                },
                {
                  "status": "affected",
                  "version": "3.6"
                },
                {
                  "status": "affected",
                  "version": "3.7"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "din4 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was determined in erzhongxmu JEEWMS up to 3.7. This vulnerability affects the function doAdd of the file src/main/java/com/jeecg/demo/controller/JeecgListDemoController.java. This manipulation of the argument Name causes cross site scripting. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Code Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-23T21:32:08.463Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-347384 | erzhongxmu JEEWMS JeecgListDemoController.java doAdd cross site scripting",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.347384"
            },
            {
              "name": "VDB-347384 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.347384"
            },
            {
              "name": "Submit #756527 | erzhongxmu JEEWMS \u22643.7 Reflected XSS",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.756527"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://www.notion.so/JEEWMS-Stored-Cross-Site-Scripting-XSS-in-SysModule-304ea92a3c418099bed7f1e0bca12d83"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-02-23T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-02-23T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-02-23T15:10:32.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "erzhongxmu JEEWMS JeecgListDemoController.java doAdd cross site scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-3028",
        "datePublished": "2026-02-23T21:32:08.463Z",
        "dateReserved": "2026-02-23T14:05:23.655Z",
        "dateUpdated": "2026-02-25T15:28:13.880Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3027 (GCVE-0-2026-3027)

    Vulnerability from nvd – Published: 2026-02-23 21:02 – Updated: 2026-02-25 15:19
    Title
    erzhongxmu JEEWMS UEditor getContent.jsp cross site scripting
    Summary
    A vulnerability was found in erzhongxmu JEEWMS up to 3.7. It affects unspecified code in the file src/main/webapp/plug-in/ueditor/jsp/getContent.jsp of the UEditor component. Manipulating the argument myEditor results in cross-site scripting; both the VulDB submission and the linked write-up referenced in the record below describe it as reflected XSS. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE: CWE-79 (Cross Site Scripting), CWE-94 (Code Injection)
    Assigner: VulDB
    References
    URL Tags
    https://vuldb.com/?id.347383 vdb-entry, technical-description
    https://vuldb.com/?ctiid.347383 signature, permissions-required
    https://vuldb.com/?submit.756523 third-party-advisory
    https://www.notion.so/JEEWMS-Reflected-XSS-Vulner… exploit
    Impacted products
    Vendor Product Version
    erzhongxmu JEEWMS Affected: 3.0
    Affected: 3.1
    Affected: 3.2
    Affected: 3.3
    Affected: 3.4
    Affected: 3.5
    Affected: 3.6
    Affected: 3.7
        cpe:2.3:a:jeewms:jeewms:*:*:*:*:*:*:*:*
    Credits
    din4 (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3027",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-25T15:18:36.654456Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-25T15:19:05.163Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:jeewms:jeewms:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "UEditor"
              ],
              "product": "JEEWMS",
              "vendor": "erzhongxmu",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0"
                },
                {
                  "status": "affected",
                  "version": "3.1"
                },
                {
                  "status": "affected",
                  "version": "3.2"
                },
                {
                  "status": "affected",
                  "version": "3.3"
                },
                {
                  "status": "affected",
                  "version": "3.4"
                },
                {
                  "status": "affected",
                  "version": "3.5"
                },
                {
                  "status": "affected",
                  "version": "3.6"
                },
                {
                  "status": "affected",
                  "version": "3.7"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "din4 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in erzhongxmu JEEWMS up to 3.7. This affects an unknown part of the file src/main/webapp/plug-in/ueditor/jsp/getContent.jsp of the component UEditor. The manipulation of the argument myEditor results in cross site scripting. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Code Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-23T21:02:08.183Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-347383 | erzhongxmu JEEWMS UEditor getContent.jsp cross site scripting",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.347383"
            },
            {
              "name": "VDB-347383 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.347383"
            },
            {
              "name": "Submit #756523 | erzhongxmu JEEWMS \u003c= 3.7 Reflected XSS",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.756523"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://www.notion.so/JEEWMS-Reflected-XSS-Vulnerability-in-UEditor-Module-304ea92a3c41806a97ffc9b707f2fbf0"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-02-23T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-02-23T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-02-23T15:10:30.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "erzhongxmu JEEWMS UEditor getContent.jsp cross site scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-3027",
        "datePublished": "2026-02-23T21:02:08.183Z",
        "dateReserved": "2026-02-23T14:05:20.948Z",
        "dateUpdated": "2026-02-25T15:19:05.163Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3026 (GCVE-0-2026-3026)

    Vulnerability from nvd – Published: 2026-02-23 20:02 – Updated: 2026-02-25 15:04
    VLAI
    Title
    erzhongxmu JEEWMS UEditor getRemoteImage.jsp server-side request forgery
    Summary
    A vulnerability has been found in erzhongxmu JEEWMS 3.7. Affected by this issue is some unknown functionality of the file /plug-in/ueditor/jsp/getRemoteImage.jsp of the component UEditor. The manipulation of the argument upfile leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.347382 vdb-entry, technical-description
    https://vuldb.com/?ctiid.347382 signature, permissions-required
    https://vuldb.com/?submit.756522 third-party-advisory
    https://www.notion.so/JEEWMS-SSRF-Vulnerability-i… exploit
    Impacted products
    Vendor Product Version
    erzhongxmu JEEWMS Affected: 3.7
        cpe:2.3:a:jeewms:jeewms:*:*:*:*:*:*:*:*
    Credits
    din4 (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3026",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-25T15:04:36.615175Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-25T15:04:59.828Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:jeewms:jeewms:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "UEditor"
              ],
              "product": "JEEWMS",
              "vendor": "erzhongxmu",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.7"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "din4 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in erzhongxmu JEEWMS 3.7. Affected by this issue is some unknown functionality of the file /plug-in/ueditor/jsp/getRemoteImage.jsp of the component UEditor. The manipulation of the argument upfile leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "Server-Side Request Forgery",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-23T20:02:09.909Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-347382 | erzhongxmu JEEWMS UEditor getRemoteImage.jsp server-side request forgery",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.347382"
            },
            {
              "name": "VDB-347382 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.347382"
            },
            {
              "name": "Submit #756522 | erzhongxmu JEEWMS \u22643.7 Server-Side Request Forgery",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.756522"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://www.notion.so/JEEWMS-SSRF-Vulnerability-in-UEditor-Module-304ea92a3c41806782b1f7285ab0d580"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-02-23T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-02-23T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-02-23T15:11:02.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "erzhongxmu JEEWMS UEditor getRemoteImage.jsp server-side request forgery"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-3026",
        "datePublished": "2026-02-23T20:02:09.909Z",
        "dateReserved": "2026-02-23T14:05:13.898Z",
        "dateUpdated": "2026-02-25T15:04:59.828Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-11251 (GCVE-0-2024-11251)

    Vulnerability from nvd – Published: 2024-11-15 18:00 – Updated: 2024-11-19 16:11
    VLAI
    Title
    erzhongxmu Jeewms AuthInterceptor cgReportController.do sql injection
    Summary
    A vulnerability was found in erzhongxmu Jeewms up to 20241108. It has been rated as critical. This issue affects some unknown processing of the file cgReportController.do of the component AuthInterceptor. The manipulation of the argument begin_date leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. Other parameters might be affected as well.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.284687 vdb-entry, technical-description
    https://vuldb.com/?ctiid.284687 signature, permissions-required
    https://gitee.com/erzhongxmu/JEEWMS/issues/IB2XZG exploit, issue-tracking
    Impacted products
    Vendor Product Version
    erzhongxmu Jeewms Affected: 20241108
    erzhongxmu jeewms Affected: 0 , ≤ 20241108 (custom)
        cpe:2.3:a:erzhongxmu:jeewms:*:*:*:*:*:*:*:*
    Credits
    VulDB Gitee Analyzer

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:erzhongxmu:jeewms:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jeewms",
                "vendor": "erzhongxmu",
                "versions": [
                  {
                    "lessThanOrEqual": "20241108",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-11251",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-19T16:10:24.708428Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-19T16:11:57.733Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "AuthInterceptor"
              ],
              "product": "Jeewms",
              "vendor": "erzhongxmu",
              "versions": [
                {
                  "status": "affected",
                  "version": "20241108"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "tool",
              "value": "VulDB Gitee Analyzer"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in erzhongxmu Jeewms up to 20241108. It has been rated as critical. This issue affects some unknown processing of the file cgReportController.do of the component AuthInterceptor. The manipulation of the argument begin_date leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. Other parameters might be affected as well."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in erzhongxmu Jeewms bis 20241108 ausgemacht. Sie wurde als kritisch eingestuft. Dies betrifft einen unbekannten Teil der Datei cgReportController.do der Komponente AuthInterceptor. Durch das Manipulieren des Arguments begin_date mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Dieses Produkt setzt Rolling Releases ein. Aus diesem Grund sind Details zu betroffenen oder zu aktualisierende Versionen nicht verf\u00fcgbar."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-15T18:00:12.868Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-284687 | erzhongxmu Jeewms AuthInterceptor cgReportController.do sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.284687"
            },
            {
              "name": "VDB-284687 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.284687"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://gitee.com/erzhongxmu/JEEWMS/issues/IB2XZG"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-11-15T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-11-15T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-11-15T10:04:05.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "erzhongxmu Jeewms AuthInterceptor cgReportController.do sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-11251",
        "datePublished": "2024-11-15T18:00:12.868Z",
        "dateReserved": "2024-11-15T08:57:19.277Z",
        "dateUpdated": "2024-11-19T16:11:57.733Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-11458 (GCVE-0-2026-11458)

    Vulnerability from cvelistv5 – Published: 2026-06-07 08:00 – Updated: 2026-06-08 16:33
    VLAI
    Title
    erzhongxmu JeeWMS Boot Actuator Endpoint actuator information disclosure
    Summary
    A weakness has been identified in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This issue affects some unknown processing of the file /base-boot/actuator of the component Boot Actuator Endpoint. Executing a manipulation can lead to information disclosure. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/369077 vdb-entry
    https://vuldb.com/vuln/369077/cti signature, permissions-required
    https://vuldb.com/cve/CVE-2026-11458 third-party-advisory
    https://vuldb.com/submit/828538 third-party-advisory
    https://github.com/0d000721999/evc1/issues/2 exploit, issue-tracking
    Impacted products
    Vendor Product Version
    erzhongxmu JeeWMS Affected: 141740afb2ba14d441c82a833d0a418d07ca2d69
        cpe:2.3:a:jeewms:jeewms:*:*:*:*:*:*:*:*
    Credits
    0d00 (VulDB User), VulDB CNA Team

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11458",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-08T14:15:31.630834Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-08T16:33:24.228Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:jeewms:jeewms:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Boot Actuator Endpoint"
              ],
              "product": "JeeWMS",
              "vendor": "erzhongxmu",
              "versions": [
                {
                  "status": "affected",
                  "version": "141740afb2ba14d441c82a833d0a418d07ca2d69"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "0d00 (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This issue affects some unknown processing of the file /base-boot/actuator of the component Boot Actuator Endpoint. Executing a manipulation can lead to information disclosure. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-07T08:00:10.756Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-369077 | erzhongxmu JeeWMS Boot Actuator Endpoint actuator information disclosure",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/vuln/369077"
            },
            {
              "name": "VDB-369077 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/369077/cti"
            },
            {
              "name": "CVE-2026-11458 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-11458"
            },
            {
              "name": "Submit #828538 | \u5e7f\u5dde\u534e\u58f9\u667a\u80fd\u79d1\u6280\u6709\u9650\u516c\u53f8 JEEWMS latest Unauthorized Sensitive Information Disclosure",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/828538"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/0d000721999/evc1/issues/2"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-06T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-06T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-06T18:07:17.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "erzhongxmu JeeWMS Boot Actuator Endpoint actuator information disclosure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-11458",
        "datePublished": "2026-06-07T08:00:10.756Z",
        "dateReserved": "2026-06-06T16:02:06.216Z",
        "dateUpdated": "2026-06-08T16:33:24.228Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11457 (GCVE-0-2026-11457)

    Vulnerability from cvelistv5 – Published: 2026-06-07 07:45 – Updated: 2026-06-09 14:37
    VLAI
    Title
    erzhongxmu JeeWMS JimuReport test-connection Endpoint testConnection injection
    Summary
    A security flaw has been discovered in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This vulnerability affects unknown code of the file /base-boot/jmreport/testConnection of the component JimuReport test-connection Endpoint. Performing a manipulation of the argument dbType/dbDriver/dbUrl/dbUsername/dbPassword results in injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/369076 vdb-entry, technical-description
    https://vuldb.com/vuln/369076/cti signature, permissions-required
    https://vuldb.com/cve/CVE-2026-11457 third-party-advisory
    https://vuldb.com/submit/828509 third-party-advisory
    https://github.com/0d000721999/evc1/issues/1 exploit, issue-tracking
    Impacted products
    Vendor Product Version
    erzhongxmu JeeWMS Affected: 141740afb2ba14d441c82a833d0a418d07ca2d69
        cpe:2.3:a:jeewms:jeewms:*:*:*:*:*:*:*:*
    Credits
    0d00 (VulDB User), VulDB CNA Team

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11457",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T14:36:45.875634Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T14:37:29.756Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:jeewms:jeewms:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "JimuReport test-connection Endpoint"
              ],
              "product": "JeeWMS",
              "vendor": "erzhongxmu",
              "versions": [
                {
                  "status": "affected",
                  "version": "141740afb2ba14d441c82a833d0a418d07ca2d69"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "0d00 (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This vulnerability affects unknown code of the file /base-boot/jmreport/testConnection of the component JimuReport test-connection Endpoint. Performing a manipulation of the argument dbType/dbDriver/dbUrl/dbUsername/dbPassword results in injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-707",
                  "description": "Improper Neutralization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-07T07:45:07.255Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-369076 | erzhongxmu JeeWMS JimuReport test-connection Endpoint testConnection injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/369076"
            },
            {
              "name": "VDB-369076 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/369076/cti"
            },
            {
              "name": "CVE-2026-11457 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-11457"
            },
            {
              "name": "Submit #828509 | \u5e7f\u5dde\u534e\u58f9\u667a\u80fd\u79d1\u6280\u6709\u9650\u516c\u53f8 JeeWMS latest RCE",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/828509"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/0d000721999/evc1/issues/1"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-06T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-06T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-06T18:07:14.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "erzhongxmu JeeWMS JimuReport test-connection Endpoint testConnection injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-11457",
        "datePublished": "2026-06-07T07:45:07.255Z",
        "dateReserved": "2026-06-06T16:02:03.321Z",
        "dateUpdated": "2026-06-09T14:37:29.756Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3028 (GCVE-0-2026-3028)

    Vulnerability from cvelistv5 – Published: 2026-02-23 21:32 – Updated: 2026-02-25 15:28
    VLAI
    Title
    erzhongxmu JEEWMS JeecgListDemoController.java doAdd cross site scripting
    Summary
    A vulnerability was determined in erzhongxmu JEEWMS up to 3.7. This vulnerability affects the function doAdd of the file src/main/java/com/jeecg/demo/controller/JeecgListDemoController.java. This manipulation of the argument Name causes cross site scripting. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.347384 vdb-entry, technical-description
    https://vuldb.com/?ctiid.347384 signature, permissions-required
    https://vuldb.com/?submit.756527 third-party-advisory
    https://www.notion.so/JEEWMS-Stored-Cross-Site-Sc… exploit
    Impacted products
    Vendor Product Version
    erzhongxmu JEEWMS Affected: 3.0
    Affected: 3.1
    Affected: 3.2
    Affected: 3.3
    Affected: 3.4
    Affected: 3.5
    Affected: 3.6
    Affected: 3.7
        cpe:2.3:a:jeewms:jeewms:*:*:*:*:*:*:*:*
    Credits
    din4 (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3028",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-25T15:27:33.709385Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-25T15:28:13.880Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:jeewms:jeewms:*:*:*:*:*:*:*:*"
              ],
              "product": "JEEWMS",
              "vendor": "erzhongxmu",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0"
                },
                {
                  "status": "affected",
                  "version": "3.1"
                },
                {
                  "status": "affected",
                  "version": "3.2"
                },
                {
                  "status": "affected",
                  "version": "3.3"
                },
                {
                  "status": "affected",
                  "version": "3.4"
                },
                {
                  "status": "affected",
                  "version": "3.5"
                },
                {
                  "status": "affected",
                  "version": "3.6"
                },
                {
                  "status": "affected",
                  "version": "3.7"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "din4 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was determined in erzhongxmu JEEWMS up to 3.7. This vulnerability affects the function doAdd of the file src/main/java/com/jeecg/demo/controller/JeecgListDemoController.java. This manipulation of the argument Name causes cross site scripting. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Code Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-23T21:32:08.463Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-347384 | erzhongxmu JEEWMS JeecgListDemoController.java doAdd cross site scripting",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.347384"
            },
            {
              "name": "VDB-347384 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.347384"
            },
            {
              "name": "Submit #756527 | erzhongxmu JEEWMS \u22643.7 Reflected XSS",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.756527"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://www.notion.so/JEEWMS-Stored-Cross-Site-Scripting-XSS-in-SysModule-304ea92a3c418099bed7f1e0bca12d83"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-02-23T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-02-23T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-02-23T15:10:32.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "erzhongxmu JEEWMS JeecgListDemoController.java doAdd cross site scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-3028",
        "datePublished": "2026-02-23T21:32:08.463Z",
        "dateReserved": "2026-02-23T14:05:23.655Z",
        "dateUpdated": "2026-02-25T15:28:13.880Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3027 (GCVE-0-2026-3027)

    Vulnerability from cvelistv5 – Published: 2026-02-23 21:02 – Updated: 2026-02-25 15:19
    VLAI
    Title
    erzhongxmu JEEWMS UEditor getContent.jsp cross site scripting
    Summary
    A vulnerability was found in erzhongxmu JEEWMS up to 3.7. This affects an unknown part of the file src/main/webapp/plug-in/ueditor/jsp/getContent.jsp of the component UEditor. The manipulation of the argument myEditor results in cross site scripting. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.347383 vdb-entry, technical-description
    https://vuldb.com/?ctiid.347383 signature, permissions-required
    https://vuldb.com/?submit.756523 third-party-advisory
    https://www.notion.so/JEEWMS-Reflected-XSS-Vulner… exploit
    Impacted products
    Vendor Product Version
    erzhongxmu JEEWMS Affected: 3.0
    Affected: 3.1
    Affected: 3.2
    Affected: 3.3
    Affected: 3.4
    Affected: 3.5
    Affected: 3.6
    Affected: 3.7
        cpe:2.3:a:jeewms:jeewms:*:*:*:*:*:*:*:*
    Credits
    din4 (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3027",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-25T15:18:36.654456Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-25T15:19:05.163Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:jeewms:jeewms:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "UEditor"
              ],
              "product": "JEEWMS",
              "vendor": "erzhongxmu",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0"
                },
                {
                  "status": "affected",
                  "version": "3.1"
                },
                {
                  "status": "affected",
                  "version": "3.2"
                },
                {
                  "status": "affected",
                  "version": "3.3"
                },
                {
                  "status": "affected",
                  "version": "3.4"
                },
                {
                  "status": "affected",
                  "version": "3.5"
                },
                {
                  "status": "affected",
                  "version": "3.6"
                },
                {
                  "status": "affected",
                  "version": "3.7"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "din4 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in erzhongxmu JEEWMS up to 3.7. This affects an unknown part of the file src/main/webapp/plug-in/ueditor/jsp/getContent.jsp of the component UEditor. The manipulation of the argument myEditor results in cross site scripting. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Code Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-23T21:02:08.183Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-347383 | erzhongxmu JEEWMS UEditor getContent.jsp cross site scripting",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.347383"
            },
            {
              "name": "VDB-347383 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.347383"
            },
            {
              "name": "Submit #756523 | erzhongxmu JEEWMS \u003c= 3.7 Reflected XSS",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.756523"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://www.notion.so/JEEWMS-Reflected-XSS-Vulnerability-in-UEditor-Module-304ea92a3c41806a97ffc9b707f2fbf0"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-02-23T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-02-23T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-02-23T15:10:30.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "erzhongxmu JEEWMS UEditor getContent.jsp cross site scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-3027",
        "datePublished": "2026-02-23T21:02:08.183Z",
        "dateReserved": "2026-02-23T14:05:20.948Z",
        "dateUpdated": "2026-02-25T15:19:05.163Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3026 (GCVE-0-2026-3026)

    Vulnerability from cvelistv5 – Published: 2026-02-23 20:02 – Updated: 2026-02-25 15:04
    VLAI
    Title
    erzhongxmu JEEWMS UEditor getRemoteImage.jsp server-side request forgery
    Summary
    A vulnerability has been found in erzhongxmu JEEWMS 3.7. Affected by this issue is some unknown functionality of the file /plug-in/ueditor/jsp/getRemoteImage.jsp of the component UEditor. The manipulation of the argument upfile leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.347382 vdb-entry, technical-description
    https://vuldb.com/?ctiid.347382 signature, permissions-required
    https://vuldb.com/?submit.756522 third-party-advisory
    https://www.notion.so/JEEWMS-SSRF-Vulnerability-i… exploit
    Impacted products
    Vendor Product Version
    erzhongxmu JEEWMS Affected: 3.7
        cpe:2.3:a:jeewms:jeewms:*:*:*:*:*:*:*:*
    Credits
    din4 (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3026",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-25T15:04:36.615175Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-25T15:04:59.828Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:jeewms:jeewms:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "UEditor"
              ],
              "product": "JEEWMS",
              "vendor": "erzhongxmu",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.7"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "din4 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in erzhongxmu JEEWMS 3.7. Affected by this issue is some unknown functionality of the file /plug-in/ueditor/jsp/getRemoteImage.jsp of the component UEditor. The manipulation of the argument upfile leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "Server-Side Request Forgery",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-23T20:02:09.909Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-347382 | erzhongxmu JEEWMS UEditor getRemoteImage.jsp server-side request forgery",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.347382"
            },
            {
              "name": "VDB-347382 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.347382"
            },
            {
              "name": "Submit #756522 | erzhongxmu JEEWMS \u22643.7 Server-Side Request Forgery",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.756522"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://www.notion.so/JEEWMS-SSRF-Vulnerability-in-UEditor-Module-304ea92a3c41806782b1f7285ab0d580"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-02-23T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-02-23T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-02-23T15:11:02.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "erzhongxmu JEEWMS UEditor getRemoteImage.jsp server-side request forgery"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-3026",
        "datePublished": "2026-02-23T20:02:09.909Z",
        "dateReserved": "2026-02-23T14:05:13.898Z",
        "dateUpdated": "2026-02-25T15:04:59.828Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-11251 (GCVE-0-2024-11251)

    Vulnerability from cvelistv5 – Published: 2024-11-15 18:00 – Updated: 2024-11-19 16:11
    VLAI
    Title
    erzhongxmu Jeewms AuthInterceptor cgReportController.do sql injection
    Summary
    A vulnerability was found in erzhongxmu Jeewms up to 20241108. It has been rated as critical. This issue affects some unknown processing of the file cgReportController.do of the component AuthInterceptor. The manipulation of the argument begin_date leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. Other parameters might be affected as well.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.284687 vdb-entry, technical-description
    https://vuldb.com/?ctiid.284687 signature, permissions-required
    https://gitee.com/erzhongxmu/JEEWMS/issues/IB2XZG exploit, issue-tracking
    Impacted products
    Vendor Product Version
    erzhongxmu Jeewms Affected: 20241108
    erzhongxmu jeewms Affected: 0 , ≤ 20241108 (custom)
        cpe:2.3:a:erzhongxmu:jeewms:*:*:*:*:*:*:*:*
    Credits
    VulDB Gitee Analyzer

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:erzhongxmu:jeewms:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jeewms",
                "vendor": "erzhongxmu",
                "versions": [
                  {
                    "lessThanOrEqual": "20241108",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-11251",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-19T16:10:24.708428Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-19T16:11:57.733Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "AuthInterceptor"
              ],
              "product": "Jeewms",
              "vendor": "erzhongxmu",
              "versions": [
                {
                  "status": "affected",
                  "version": "20241108"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "tool",
              "value": "VulDB Gitee Analyzer"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in erzhongxmu Jeewms up to 20241108. It has been rated as critical. This issue affects some unknown processing of the file cgReportController.do of the component AuthInterceptor. The manipulation of the argument begin_date leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. Other parameters might be affected as well."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in erzhongxmu Jeewms bis 20241108 ausgemacht. Sie wurde als kritisch eingestuft. Dies betrifft einen unbekannten Teil der Datei cgReportController.do der Komponente AuthInterceptor. Durch das Manipulieren des Arguments begin_date mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Dieses Produkt setzt Rolling Releases ein. Aus diesem Grund sind Details zu betroffenen oder zu aktualisierenden Versionen nicht verf\u00fcgbar."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-15T18:00:12.868Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-284687 | erzhongxmu Jeewms AuthInterceptor cgReportController.do sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.284687"
            },
            {
              "name": "VDB-284687 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.284687"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://gitee.com/erzhongxmu/JEEWMS/issues/IB2XZG"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-11-15T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-11-15T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-11-15T10:04:05.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "erzhongxmu Jeewms AuthInterceptor cgReportController.do sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-11251",
        "datePublished": "2024-11-15T18:00:12.868Z",
        "dateReserved": "2024-11-15T08:57:19.277Z",
        "dateUpdated": "2024-11-19T16:11:57.733Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }