CVE-2026-3028

Medium CVSS: 5.3

A vulnerability was determined in erzhongxmu JEEWMS up to 3.7. This vulnerability affects the function doAdd of the file src/main/java/com/jeecg/demo/controller/JeecgListDemoController.java. This manipulation of the argument Name causes cross site scripting. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor

Huayi-tec

Product

Jeewms

CWE

CWE-79

Yayın Tarihi

2026-02-23 22:16:25

Güncelleme

2026-02-26 03:05:29

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-79 Jeewms MEDIUM Huayi-tec 2026

Referanslar

https://vuldb.com/?ctiid.347384 https://vuldb.com/?id.347384 https://vuldb.com/?submit.756527 https://www.notion.so/JEEWMS-Stored-Cross-Site-Scripting-XSS-in-SysModule-304ea92a3c418099bed7f1e0bca12d83

Benzer Kayıtlar

Medium

CVE-2025-70311

JEEWMS 1.0 is vulnerable to SQL Injection. Attackers can inject malicious SQL statements through the id1 and id2 paramet…

Medium

CVE-2025-60268

An arbitrary file upload vulnerability exists in JeeWMS 20250820, which is caused by the lack of file checking in the sa…

Critical

CVE-2025-60269

JEEWMS 20250820 is vulnerable to SQL Injection in the exportXls function located in the src/main/java/org/jeecgframework…

Medium

CVE-2025-55834

A Cross Site Scripting vulnerability in JeeWMS v.3.7 and before allows a remote attacker to obtain sensitive information…

Medium

CVE-2025-5389

A vulnerability, which was classified as critical, has been found in JeeWMS up to 20250504. Affected by this issue is th…

Medium

CVE-2025-5390

A vulnerability, which was classified as critical, was found in JeeWMS up to 20250504. This affects the function filedea…