Vulnerabilities (CVE)

Filtered by vendor Jpress
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-45806 1 Jpress 1 Jpress 2022-07-12 6.5 MEDIUM 8.8 HIGH
jpress v4.2.0 admin panel provides a function through which attackers can modify the template and inject some malicious code.
CVE-2022-23330 1 Jpress 1 Jpress 2022-02-09 6.5 MEDIUM 8.8 HIGH
A remote code execution (RCE) vulnerability in HelloWorldAddonController.java of jpress v4.2.0 allows attackers to execute arbitrary code via a crafted JAR package.
CVE-2021-46114 1 Jpress 1 Jpress 2022-02-03 6.5 MEDIUM 8.8 HIGH
jpress v4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code.
CVE-2021-46116 1 Jpress 1 Jpress 2022-02-02 6.5 MEDIUM 7.2 HIGH
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin._TemplateController#doInstall. The admin panel provides a function through which attackers can install templates and inject some malicious code.
CVE-2021-46118 1 Jpress 1 Jpress 2022-02-02 6.5 MEDIUM 7.2 HIGH
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.article.kit.ArticleNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code.
CVE-2021-46115 1 Jpress 1 Jpress 2022-02-01 6.5 MEDIUM 7.2 HIGH
jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateController#doUploadFile. The admin panel provides a function through which attackers can upload templates and inject some malicious code.
CVE-2021-46117 1 Jpress 1 Jpress 2022-02-01 6.5 MEDIUM 7.2 HIGH
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.page.PageNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code.
CVE-2021-45808 1 Jpress 1 Jpress 2022-01-25 6.5 MEDIUM 8.8 HIGH
jpress v4.2.0 allows users to register an account by default. With the account, a user can upload arbitrary files to the server.