CVE-2020-19281

Name of the Vulnerable Software and Affected Versions: Jeesns version 1.4.2

Description: A stored cross-site scripting (XSS) issue in the "/manage/loginusername" component allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username field. This enables the execution of malicious code on the affected system.

Recommendations: For Jeesns version 1.4.2, consider disabling the /manage/loginusername component until a patch is available. Restrict access to this component to minimize the risk of exploitation. Avoid using the username field in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.