A vulnerability classified as problematic has been found in erzhongxmu JEEWMS up to 3.7. It affects the function doAdd in the file src/main/java/com/jeecg/demo/controller/JeecgListDemoController.java. Manipulating the argument Name causes cross-site scripting.

This vulnerability is tracked as CVE-2026-3028. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.