JEEWMS — Vulnerabilities & Security Advisories 16

All 16 CVE vulnerabilities found in JEEWMS, with AI-generated Chinese analysis, references, and POCs.

Vendor: erzhongxmu

CVE ID	Title	CVSS	Severity	Published
CVE-2026-3028	erzhongxmu JEEWMS JeecgListDemoController.java doAdd cross site scripting CWE-79	4.3	Medium	2026-02-23
CVE-2026-3027	erzhongxmu JEEWMS UEditor getContent.jsp cross site scripting CWE-79	4.3	Medium	2026-02-23
CVE-2026-3026	erzhongxmu JEEWMS UEditor getRemoteImage.jsp server-side request forgery CWE-918	7.3	High	2026-02-23
CVE-2025-5390	JeeWMS File filedeal.do filedeal access control CWE-284	6.3	Medium	2025-05-31
CVE-2025-5389	JeeWMS File generateController.do dogenerateOne2Many access control CWE-284	6.3	Medium	2025-05-31
CVE-2025-5388	JeeWMS generateController.do dogenerate sql injection CWE-89	6.3	Medium	2025-05-31
CVE-2025-5387	JeeWMS File generateController.do dogenerate access control CWE-284	6.3	Medium	2025-05-31
CVE-2025-5386	JeeWMS cgformTransController.do transEditor sql injection CWE-89	6.3	Medium	2025-05-31
CVE-2025-5385	JeeWMS cgformTemplateController.do doAdd path traversal CWE-22	6.3	Medium	2025-05-31
CVE-2025-5384	JeeWMS cgAutoListController.do CgAutoListController sql injection CWE-89	6.3	Medium	2025-05-31
CVE-2025-0392	Guangzhou Huayi Intelligent Technology Jeewms graphReportController.do datagridGraph sql injection CWE-89	6.3	Medium	2025-01-11
CVE-2025-0391	Guangzhou Huayi Intelligent Technology Jeewms CgFormBuildController. java saveOrUpdate sql injection CWE-89	6.3	Medium	2025-01-11
CVE-2025-0390	Guangzhou Huayi Intelligent Technology Jeewms wmOmNoticeHController.do path traversal CWE-24	5.3	Medium	2025-01-11
CVE-2024-12347	Guangzhou Huayi Intelligent Technology Jeewms Druid Monitoring Interface index.html improper authorization CWE-285	5.3	Medium	2024-12-08
CVE-2024-11961	Guangzhou Huayi Intelligent Technology Jeewms WmOmNoticeHController.java preHandle information disclosure CWE-200	5.3	Medium	2024-11-28
CVE-2024-11251	erzhongxmu Jeewms AuthInterceptor cgReportController.do sql injection CWE-89	6.3	Medium	2024-11-15

All 16 known CVE vulnerabilities affecting JEEWMS with full Chinese analysis, references, and POCs where available.