CVE-2026-3027 - Vulnerability Analysis
Medium | CVSS: 4.3 | Last Updated: February 24, 2026
erzhongxmu JEEWMS - Stored XSS
Published: February 23, 2026 | Updated: February 24, 2026 | PoC Available | Remote Exploitable
Overview
erzhongxmu JEEWMS <= 3.7 contains a stored XSS vulnerability caused by manipulation of the "myEditor" argument in src/main/webapp/plug-in/ueditor/jsp/getContent.jsp, which lets remote attackers execute scripts. Exploitation requires no special privileges.
Severity & Score
Severity: Medium
CVSS Score: 4.3
Impact
Remote attackers can execute arbitrary scripts in users' browsers, potentially leading to session hijacking or data theft.
Mitigation
Update to the latest version of erzhongxmu JEEWMS.
Details
- CVE ID: CVE-2026-3027
- Severity: Medium
- CVSS Score: 4.3
- Type: stored_xss
- Status: confirmed
CWE
- CWE-79
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N