Show filters
15 Total Results
Displaying 11-15 of 15
Sort by:
Attacker Value
Unknown

CVE-2021-45807

Disclosure Date: January 13, 2022 (last updated October 07, 2023)
jpress v4.2.0 is vulnerable to command execution via io.jpress.web.admin._AddonController::doUploadAndInstall.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-45806

Disclosure Date: January 13, 2022 (last updated February 23, 2025)
jpress v4.2.0 admin panel provides a function through which attackers can modify the template and inject some malicious code.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-33347

Disclosure Date: June 18, 2021 (last updated February 22, 2025)
An issue was discovered in JPress v3.3.0 and below. There are XSS vulnerabilities in the template module and tag management module. If you log in to the background by means of weak password, the storage XSS vulnerability can occur.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2019-6278

Disclosure Date: January 14, 2019 (last updated November 27, 2024)
XSS exists in JPress v1.0.4 via Markdown input, or Markdown input with the code input option.
0
0
Attacker Value
Unknown

CVE-2018-19170

Disclosure Date: November 11, 2018 (last updated November 27, 2024)
In JPress v1.0-rc.5, there is stored XSS via each of the first three input fields to the starter-tomcat-1.0/admin/setting URI, as demonstrated by the web_name parameter.
0
0
View More Topics  < Previous