jpress

19 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2024-12348
all versions
A vulnerability was found in Guizhou Xiaoma Technology jpress 5.1.2. It has been classified as problematic. Affected is the functi
3.5 LOW
CVE-2024-11971
all versions
A vulnerability classified as problematic was found in Guizhou Xiaoma Technology jpress 5.1.2. Affected by this vulnerability is a
3.5 LOW
CVE-2024-50919
<= 5.1.1
Jpress until v5.1.1 has arbitrary file uploads on the Windows platform, and the construction of non-standard file formats such as
9.8 CRITICAL
CVE-2024-46468
<= 5.1.1
A Server-Side Request Forgery (SSRF) vulnerability exists in the jpress <= v5.1.1, which can be exploited by an attacker to obtain
7.5 HIGH
CVE-2024-8304
<= 5.1.1
A vulnerability has been found in jpress up to 5.1.1 and classified as critical. Affected by this vulnerability is an unknown func
4.7 MEDIUM
CVE-2024-43033
<= 5.1.1
JPress through 5.1.1 on Windows has an arbitrary file upload vulnerability that could cause arbitrary code execution via ::$DATA t
8.8 HIGH
CVE-2024-32358
all versions
An issue in Jpress v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the custom plug-in module fu
7.5 HIGH
CVE-2022-23330
all versions
A remote code execution (RCE) vulnerability in HelloWorldAddonController.java of jpress v4.2.0 allows attackers to execute arbitra
8.8 HIGH
CVE-2021-46114
all versions
jpress v4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail. The admin panel provides a function
8.8 HIGH
CVE-2021-46118
all versions
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.article.kit.ArticleNotifyKit#doSendEmail. The admin panel
7.2 HIGH
CVE-2021-46116
all versions
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin._TemplateController#doInstall. The admin panel provide
7.2 HIGH
CVE-2021-46115
all versions
jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateController#doUploadFile. The admin panel provides a function th
7.2 HIGH
CVE-2021-46117
all versions
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.page.PageNotifyKit#doSendEmail. The admin panel provides
7.2 HIGH
CVE-2021-45808
all versions
jpress v4.2.0 allows users to register an account by default. With the account, a user can upload arbitrary files to the server.
8.8 HIGH
CVE-2021-45807
all versions
jpress v4.2.0 is vulnerable to command execution via io.jpress.web.admin._AddonController::doUploadAndInstall.
9.8 CRITICAL
CVE-2021-45806
all versions
jpress v4.2.0 admin panel provides a function through which attackers can modify the template and inject some malicious code.
8.8 HIGH
CVE-2021-33347
<= 3.3.0
An issue was discovered in JPress v3.3.0 and below. There are XSS vulnerabilities in the template module and tag management module
5.4 MEDIUM
CVE-2019-6278
all versions
XSS exists in JPress v1.0.4 via Markdown input, or Markdown input with the code input option.
5.4 MEDIUM
CVE-2018-19170
all versions
In JPress v1.0-rc.5, there is stored XSS via each of the first three input fields to the starter-tomcat-1.0/admin/setting URI, as
4.8 MEDIUM
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin