Jfinal CMS is a powerful information consulting website developed in java, using the simple and powerful JFinal as a web framework, template engine with beetl, database with mysql, front-end bootstrap framework. jfinal CMS has a cross-site scripting vulnerability, the vulnerability stems from the developer does not filter the parameters submitted to the user input form Any user with backend privileges can affect system security by entering malicious code. An attacker could use this vulnerability to execute JavaScript code on the client side.
CPE | Name | Operator | Version |
---|---|---|---|
jfinal cms jfinal cms | le | 5.1.0 |