GHSA-2C25-XFPQ-8W9R Cross-site scripting in jfinal

An issue was discovered in JFinal framework v4.9.10 and below. The "set" method of the "Controller" class of jfinal framework is not strictly filtered, which will lead to XSS vulnerabilities in some cases...

JFinal 跨站脚本漏洞

JFinal is a Java language based WEB + ORM open source framework. JFinal JFinal has a security vulnerability that stems from the set method of the Controller class in Jfinal version v4.9.10 and below is not strictly filtered , which can lead to XSS vulnerability in some cases...