Jalios: Security Vulnerabilities
jcore/portal/ajaxPortal.jsp in Jalios JCMS 10.0.2 build-20200224104759 allows XSS via the types parameter. Note: It is asserted that this vulnerability is not present in the standard installation of Jalios JCMS
CVSS Score
5.3
EPSS Score
0.004
Published
2020-07-17
Jalios JCMS 10 allows attackers to access any part of the website and the WebDAV server with administrative privileges via a backdoor account, by using any username and the hardcoded dev password.
CVSS Score
9.8
EPSS Score
0.009
Published
2019-11-21