Jfinal CMS is a powerful information consulting website developed in java, using the simple and powerful JFinal as the web framework, template engine with beetl, database with mysql, front-end bootstrap framework. cross-site scripting vulnerability exists in Jfinal CMS v5.1.0 version, which originates from the release of the blog module under The keyword text field lacks a data validation filter for user-supplied data and output. An attacker could exploit this vulnerability to execute JavaScript code on the client side.
CPE | Name | Operator | Version |
---|---|---|---|
jfinal cms jfinal cms v | eq | 5.1.0 |