CVE-2026-3027 MEDIUM

CVE-2026-3027: erzhongxmu JEEWMS UEditor getContent.jsp cross site scripting

Vendor Erzhongxmu
Product JEEWMS
Weakness CWE-79 · XSS
Published February 23, 2026
Last update February 25, 2026
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was found in erzhongxmu JEEWMS up to 3.7. This affects an unknown part of the file src/main/webapp/plug-in/ueditor/jsp/getContent.jsp of the component UEditor. The manipulation of the argument myEditor results in cross site scripting. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

February 23, 2026 CVE published
February 25, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-45278 Cross-Site Scripting (XSS) vulnerability in SAP Commerce Backoffice CVE-2025-2793 IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site scripting CVE-2025-53297 WordPress Woocommerce Envato Affiliates plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability CVE-2025-58850 WordPress Showpass WordPress Extension Plugin <= 4.0.3 - Cross Site Scripting (XSS) Vulnerability CVE-2021-24558 Project Status <= 1.6 - Reflected Cross-Site Scripting (XSS)