Medium
CVSS: 5.3
A vulnerability was found in erzhongxmu JEEWMS up to 3.7. This affects an unknown part of the file src/main/webapp/plug-in/ueditor/jsp/getContent.jsp of the component UEditor. The manipulation of the argument myEditor results in cross site…
Medium
CVSS: 6.9
A vulnerability has been found in erzhongxmu JEEWMS 3.7. Affected by this issue is some unknown functionality of the file /plug-in/ueditor/jsp/getRemoteImage.jsp of the component UEditor. The manipulation of the argument upfile leads to ser…
Critical
CVSS: 9.8
Jeewms v3.7 was discovered to contain a SQL injection vulnerability via the CgReportController API.
Critical
CVSS: 9.8
JeeWMS 771e4f5d0c01ffdeae1671be4cf102b73a3fe644 (2025-05-19) contains incorrect authentication bypass vulnerability, which can lead to arbitrary file reading.
Medium
CVSS: 5.5
A zip slip vulnerability in the component \service\migrate\MigrateForm.java of JEEWMS v3.7 allows attackers to execute arbitrary code via a crafted Zip file.
Medium
CVSS: 6.5
JeeWMS before v2025.01.01 was discovered to contain a SQL injection vulnerability via the ReportId parameter at /core/CGReportDao.java.
High
CVSS: 7.5
JeeWMS before v2025.01.01 was discovered to contain a permission bypass in the component /interceptors/AuthInterceptor.cava.