Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module.

CPE

Name | Operator | Version
---|---|---
jfinal_cms | eq | 1.4
jfinal_cms | eq | 3.1.0
jfinal_cms | eq | 5.1.0
jfinal_cms | eq | 2.6.0
jfinal_cms | eq | 4.1.4
jfinal_cms | eq | 1.2
jfinal_cms | eq | 2.8.0
jfinal_cms | eq | 4.1.2
jfinal_cms | eq | 5.0.1
jfinal_cms | eq | 2.4.0