jcore/portal/ajaxPortal.jsp in Jalios JCMS 10.0.2 build-20200224104759 allows XSS via the types parameter. Note: It is asserted that this vulnerability is not present in the standard installation of Jalios...
6.1CVSS
5.9AI Score
0.001EPSS
Jalios JCMS 10 allows attackers to access any part of the website and the WebDAV server with administrative privileges via a backdoor account, by using any username and the hardcoded dev...
9.8CVSS
9.3AI Score
0.062EPSS