4 matches found
CVE-2023-49487
creationtimestamp| type| source ---|---|--- 2023-12-31 15:46:20+00:00| seen| https://t.me/ctinow/161116...
cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +164 more potentially affected by CVE-2023-49487 via com.jfinal:jfinal (>=1.4 <=5.0.0)
com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.2, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 and more Source cves: CVE-2023-49487 Source advisory: OSV:GHSA-M42V-QV3C-H6J7...
CVE-2023-49487
JFinalCMS v5.0.0 was discovered to contain a cross-site scripting XSS vulnerability in the navigation management department...
CVE-2023-49487
CVE-2023-49487 concerns a cross-site scripting (XSS) vulnerability in JFinalCMS v5.0.0, located in the navigation management department. The root cause is insufficient filtering/escaping of user-supplied data, enabling arbitrary Web script or HTML execution. The CVSSv3.1 base score is 5.4 (Medium...