cvedb.io
CVE-2018-17886
MEDIUM · CVSS 5.4
EPSS exploitation probability: 0%
Published 2018-10-02T18:29:02.913 · Last modified 2026-06-17T01:46:28.127

Summary

An issue was discovered in JEESNS 1.3. The XSS filter in com.lxinet.jeesns.core.utils.XssHttpServletRequestWrapper.java could be bypassed, as demonstrated by a <svg/onLoad=confirm substring. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-12429.

Affected products

jeesns — jeesns

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.