CVE-2026-3027
Cross-Site Scripting in erzhongxmu JEEWMS UEditor Component
Publication date: 2026-02-23
Last updated on: 2026-04-29
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jeewms | jeewms | From 3.2 (inc) to 3.7 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-3027 is a reflected cross-site scripting (XSS) vulnerability found in erzhongxmu JEEWMS versions up to 3.7, specifically in the UEditor component within the file src/main/webapp/plug-in/ueditor/jsp/getContent.jsp.
The vulnerability arises because the argument myEditor is not properly sanitized, allowing an attacker to inject malicious scripts that are reflected back to the user's browser.
This flaw enables remote attackers to execute arbitrary scripts in the context of the victim's browser without requiring authentication, although some user interaction is needed to trigger the attack.
How can this vulnerability impact me?
This vulnerability can impact you by allowing attackers to execute malicious scripts in your browser, which can lead to session hijacking, defacement, or other malicious actions.
It affects data integrity by enabling unauthorized script execution, potentially compromising user interactions with the affected web application.
Since the attack can be launched remotely and the exploit is publicly available, it poses a real risk if the vulnerable component is in use.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying if the vulnerable file is accessible and if the myEditor argument is improperly sanitized, leading to reflected cross-site scripting.
One method to detect vulnerable targets is to use Google dorking with the query: inurl:src/main/webapp/plug-in/ueditor/jsp/getContent.jsp
Additionally, you can test the URL pattern http://[target]:[port]/jeewms/plug-in/ueditor/jsp/getContent.jsp by injecting a script payload into the myEditor parameter and observing if it is reflected unsanitized in the response.
- Example curl command to test for XSS reflection: curl -G "http://[target]:[port]/jeewms/plug-in/ueditor/jsp/getContent.jsp" --data-urlencode "myEditor=<script>alert(1)</script>" [1, 2]
What immediate steps should I take to mitigate this vulnerability?
There are no known countermeasures or vendor-provided patches for this vulnerability as the vendor did not respond to the disclosure.
Immediate mitigation steps include replacing the affected UEditor component with an alternative product that does not have this vulnerability.
Additionally, consider implementing web application firewall (WAF) rules to detect and block malicious payloads targeting the myEditor parameter.
Limiting user interaction with the vulnerable endpoint and monitoring for exploit attempts can also help reduce risk.
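The detection and mitigation answers above both come down to watching the myEditor parameter on getContent.jsp for markup. The following is an added example (not part of the JEEWMS project or of this record) that scans web-server access logs for exploit attempts against that endpoint; the log lines are constructed, the combined-log format is assumed, and the markup heuristic is a starting point for a WAF or SIEM rule, not a complete XSS grammar.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed sample access-log lines (Apache combined style); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [23/Feb/2026:10:00:01 +0000] "GET /jeewms/plug-in/ueditor/jsp/getContent.jsp?myEditor=hello HTTP/1.1" 200 512
10.0.0.7 - - [23/Feb/2026:10:00:02 +0000] "GET /jeewms/plug-in/ueditor/jsp/getContent.jsp?myEditor=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 540
10.0.0.9 - - [23/Feb/2026:10:00:03 +0000] "GET /jeewms/login.jsp?user=%3Cb%3Ex HTTP/1.1" 200 300
10.0.0.8 - - [23/Feb/2026:10:00:04 +0000] "POST /jeewms/plug-in/ueditor/jsp/getContent.jsp HTTP/1.1" 200 540
10.0.0.6 - - [23/Feb/2026:10:00:05 +0000] "GET /jeewms/plug-in/ueditor/jsp/getContent.jsp?myEditor=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E HTTP/1.1" 200 560
"""

# Assumed combined-log layout: client, ident, user, [timestamp], "METHOD target PROTO", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d+)'
)

# Path and parameter named in the CVE record (application context prefix may vary per deployment).
VULN_PATH = "/plug-in/ueditor/jsp/getContent.jsp"
PARAM = "myEditor"

# Markup that has no business in a plain editor-content value: a tag opener, an
# inline event handler, or a javascript: URL. Heuristic, so expect some false positives.
SUSPICIOUS = re.compile(r"<\s*/?\s*[a-z]|\bon[a-z]+\s*=|javascript\s*:", re.IGNORECASE)


def scan_line(line):
    """Return a finding dict if this line is a request to the vulnerable endpoint
    whose myEditor value carries markup, otherwise None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if not parts.path.lower().endswith(VULN_PATH.lower()):
        return None
    # parse_qs decodes once; decoding again catches double-encoded payloads.
    values = parse_qs(parts.query, keep_blank_values=True).get(PARAM, [])
    hits = [v for v in values if SUSPICIOUS.search(unquote_plus(v))]
    if not hits:
        return None
    return {"ip": m.group("ip"), "ts": m.group("ts"), "payload": hits[0]}


def scan_log(text):
    """Scan a whole log text and return the list of findings in order."""
    return [r for r in (scan_line(line) for line in text.splitlines()) if r]
```

Only query strings appear in access logs, so a POST carrying the parameter in its body (line 4 above) is invisible here; covering that path needs request-body inspection at a WAF or reverse proxy rather than log review.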