CVE-2018-17886 Date: (C)2018-10-04 (M)2023-12-22
An issue was discovered in JEESNS 1.3. The XSS filter in com.lxinet.jeesns.core.utils.XssHttpServletRequestWrapper.java could be bypassed, as demonstrated by a CVSS Score and Metrics +CVSS Score and Metrics -
CVSS V3 Severity: CVSS V2 Severity: CVSS Score : 5.4 CVSS Score : 3.5 Exploit Score: 2.3 Exploit Score: 6.8 Impact Score: 2.7 Impact Score: 2.9 CVSS V3 Metrics: CVSS V2 Metrics: Attack Vector: NETWORK Access Vector: NETWORK Attack Complexity: LOW Access Complexity: MEDIUM Privileges Required: LOW Authentication: SINGLE User Interaction: REQUIRED Confidentiality: NONE Scope: CHANGED Integrity: PARTIAL Confidentiality: LOW Availability: NONE Integrity: LOW Availability: NONE