Lucene search
HistoryAug 25, 2022 - 7:15 p.m.
CVE-2022-36527
cve-2022-36527
jfinal cms
web security
arbitrary code execution
html injection
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.7 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
24.6%
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module.
Affected configurations
Node
jflyfoxjfinal_cmsMatch5.1.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| jflyfox:jfinal_cms | jflyfox jfinal cms | eq | 5.1.0 |
References
Social References
More
Related
prion
prion
Design/Logic Flaw
2022-08-25 19:15:00
github
github
Jfinal Cross-site Scripting vulnerability
2022-08-26 00:03:30
osv
osv
Jfinal Cross-site Scripting vulnerability
2022-08-26 00:03:30
CVE-2022-36527
2022-08-25 19:15:08
nvd
nvd
CVE-2022-36527
2022-08-25 19:15:08
cvelist
cvelist
CVE-2022-36527
2022-08-25 18:46:06
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.7 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
24.6%
Related for CVE-2022-36527