A stored cross-site scripting (XSS) vulnerability in the /group/post component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19287
Reference (s):
- https://github.com/zchuanzhao/jeesns/issues/16
- https://www.seebug.org/vuldb/ssvid-97945