Cross-site Scripting in JFinal

2024-01-2321:30:20

CWE-79

GitHub Advisory Database

github.com

cross site scripting

jfinalcms

arbitrary code

crafted url

security vulnerability

6.5 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.6%

JSON

Cross Site Scripting (XSS) vulnerability in /admin/login password parameter in JFinalcms 5.0.0 allows attackers to run arbitrary code via crafted URL.

CPENameOperatorVersion
com.jfinal:jfinalle5.0.0

CPE	Name	Operator	Version
	com.jfinal:jfinal	le	5.0.0

References

github.com/advisories/GHSA-qh2w-9m7w-hjg2

github.com/cui2shark/security/blob/main/%28JFinalcms%20admin-login-password%29%20.md

nvd.nist.gov/vuln/detail/CVE-2024-22497