Lucene search

GoogleOSV:CVE-2020-19288

HistorySep 09, 2021 - 11:15 p.m.

CVE-2020-19288

2021-09-0923:15:09

Google

osv.dev

cross-site scripting

jeesns

cve-2020-19288

web scripts

html

private message

vulnerability

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

21.8%

JSON

A stored cross-site scripting (XSS) vulnerability in the /localhost/u component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a private message.

References

github.com/zchuanzhao/jeesns/issues/17

www.seebug.org/vuldb/ssvid-97946