A vulnerability was found in erzhongxmu JEEWMS up to 3.7. This affects an unknown part of the file src/main/webapp/plug-in/ueditor/jsp/getContent.jsp of the component UEditor. The manipulation of the argument myEditor results in cross site scripting. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
PUBLISHED5.2ApplicationCWE-79CWE-94
erzhongxmu JEEWMS UEditor getContent.jsp cross site scripting
Problem type
Affected products
erzhongxmu
JEEWMS
3.0 - AFFECTED
3.1 - AFFECTED
3.2 - AFFECTED
3.3 - AFFECTED
3.4 - AFFECTED
3.5 - AFFECTED
3.6 - AFFECTED
3.7 - AFFECTED
References
VDB-347383 | erzhongxmu JEEWMS UEditor getContent.jsp cross site scripting
https://vuldb.com/?id.347383
VDB-347383 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/?ctiid.347383
Submit #756523 | erzhongxmu JEEWMS <= 3.7 Reflected XSS
https://vuldb.com/?submit.756523
notion.so
https://www.notion.so/JEEWMS-Reflected-XSS-Vulnerability-in-UEditor-Module-304ea92a3c41806a97ffc9b707f2fbf0
GitHub Security Advisories
GHSA-qg32-r7gw-fcxw
A vulnerability was found in erzhongxmu JEEWMS up to 3.7. This affects an unknown part of the...
https://github.com/advisories/GHSA-qg32-r7gw-fcxwA vulnerability was found in erzhongxmu JEEWMS up to 3.7. This affects an unknown part of the file src/main/webapp/plug-in/ueditor/jsp/getContent.jsp of the component UEditor. The manipulation of the argument myEditor results in cross site scripting. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
nvd.nist.gov
https://nvd.nist.gov/vuln/detail/CVE-2026-3027
vuldb.com
https://vuldb.com/?ctiid.347383
vuldb.com
https://vuldb.com/?id.347383
vuldb.com
https://vuldb.com/?submit.756523
notion.so
https://www.notion.so/JEEWMS-Reflected-XSS-Vulnerability-in-UEditor-Module-304ea92a3c41806a97ffc9b707f2fbf0
github.com
https://github.com/advisories/GHSA-qg32-r7gw-fcxw
JSON source
https://cveawg.mitre.org/api/cve/CVE-2026-3027Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2026-3027",
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"dateUpdated": "2026-02-23T21:02:08.183Z",
"dateReserved": "2026-02-23T14:05:20.948Z",
"datePublished": "2026-02-23T21:02:08.183Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB",
"dateUpdated": "2026-02-23T21:02:08.183Z"
},
"title": "erzhongxmu JEEWMS UEditor getContent.jsp cross site scripting",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in erzhongxmu JEEWMS up to 3.7. This affects an unknown part of the file src/main/webapp/plug-in/ueditor/jsp/getContent.jsp of the component UEditor. The manipulation of the argument myEditor results in cross site scripting. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"affected": [
{
"vendor": "erzhongxmu",
"product": "JEEWMS",
"cpes": [
"cpe:2.3:a:jeewms:jeewms:*:*:*:*:*:*:*:*"
],
"modules": [
"UEditor"
],
"versions": [
{
"version": "3.0",
"status": "affected"
},
{
"version": "3.1",
"status": "affected"
},
{
"version": "3.2",
"status": "affected"
},
{
"version": "3.3",
"status": "affected"
},
{
"version": "3.4",
"status": "affected"
},
{
"version": "3.5",
"status": "affected"
},
{
"version": "3.6",
"status": "affected"
},
{
"version": "3.7",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "Cross Site Scripting",
"cweId": "CWE-79",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"lang": "en",
"description": "Code Injection",
"cweId": "CWE-94",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?id.347383",
"name": "VDB-347383 | erzhongxmu JEEWMS UEditor getContent.jsp cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
]
},
{
"url": "https://vuldb.com/?ctiid.347383",
"name": "VDB-347383 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
]
},
{
"url": "https://vuldb.com/?submit.756523",
"name": "Submit #756523 | erzhongxmu JEEWMS <= 3.7 Reflected XSS",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://www.notion.so/JEEWMS-Reflected-XSS-Vulnerability-in-UEditor-Module-304ea92a3c41806a97ffc9b707f2fbf0",
"tags": [
"exploit"
]
}
],
"metrics": [
{},
{
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
}
},
{
"cvssV3_0": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
}
},
{
"cvssV2_0": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"baseScore": 5
}
}
],
"timeline": [
{
"time": "2026-02-23T00:00:00.000Z",
"lang": "en",
"value": "Advisory disclosed"
},
{
"time": "2026-02-23T01:00:00.000Z",
"lang": "en",
"value": "VulDB entry created"
},
{
"time": "2026-02-23T15:10:30.000Z",
"lang": "en",
"value": "VulDB entry last update"
}
],
"credits": [
{
"lang": "en",
"value": "din4 (VulDB User)",
"type": "reporter"
}
]
}
}
}