Arbitrary Code Execution via Cross Site Scripting (XSS) in Jeesns v1.4.2

CVE-2020-18035 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Cross Site Scripting (XSS) in Jeesns v1.4.2 allows remote attackers to execute arbitrary code by injecting commands into the "CKEditorFuncNum" parameter in the component "CkeditorUploadController.java".
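
The advisory includes no code, so the following is an added illustration and not Jeesns source. It assumes the upload controller reflects `CKEditorFuncNum` into the usual CKEditor upload callback script (`CKEDITOR.tools.callFunction`), and shows that pattern beside a hardened version; the class name, method names and sample values are hypothetical.

```java
import java.util.regex.Pattern;

public class CkeditorCallbackExample {
    // CKEditor generates the callback index itself, so a legitimate value
    // is always a short decimal number.
    private static final Pattern FUNC_NUM = Pattern.compile("^[0-9]{1,9}$");

    // Assumed vulnerable pattern: request parameter concatenated into a script block.
    static String unsafeResponse(String funcNum, String fileUrl) {
        return "<script>window.parent.CKEDITOR.tools.callFunction("
                + funcNum + ",'" + fileUrl + "','');</script>";
    }

    // Hardened: allow-list the parameter as an integer and escape the URL
    // for a JavaScript string context before writing either into the page.
    static String safeResponse(String funcNum, String fileUrl) {
        if (funcNum == null || !FUNC_NUM.matcher(funcNum).matches()) {
            throw new IllegalArgumentException("CKEditorFuncNum must be a decimal integer");
        }
        return "<script>window.parent.CKEDITOR.tools.callFunction("
                + Integer.parseInt(funcNum) + ",'" + jsString(fileUrl) + "','');</script>";
    }

    // Keeps ASCII letters and digits, hex-escapes everything else, so quotes,
    // angle brackets and slashes cannot close the string or the script element.
    static String jsString(String s) {
        StringBuilder out = new StringBuilder();
        for (char c : s.toCharArray()) {
            if (c < 128 && Character.isLetterOrDigit(c)) out.append(c);
            else out.append(String.format("\\u%04x", (int) c));
        }
        return out.toString();
    }

    public static void main(String[] args) {
        String url = "/upload/constructed-sample.png"; // constructed sample value
        String probe = "1);alert(1);//";               // constructed test input
        System.out.println("unsafe: " + unsafeResponse(probe, url));
        System.out.println("safe:   " + safeResponse("1", url));
        try {
            safeResponse(probe, url);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A response header such as `Content-Type: text/html` is what makes the reflected script run, so the integer check belongs in the controller before any response is written.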