Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Jalios Subscribe
Filtered by product Jcms
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-15497 1 Jalios 1 Jcms 2022-01-01 4.3 MEDIUM 6.1 MEDIUM
** DISPUTED ** jcore/portal/ajaxPortal.jsp in Jalios JCMS 10.0.2 build-20200224104759 allows XSS via the types parameter. Note: It is asserted that this vulnerability is not present in the standard installation of Jalios JCMS.
CVE-2019-19033 1 Jalios 1 Jcms 2020-08-24 7.5 HIGH 9.8 CRITICAL
Jalios JCMS 10 allows attackers to access any part of the website and the WebDAV server with administrative privileges via a backdoor account, by using any username and the hardcoded dev password.