28 matches found
CVE-2021-33348
An issue was discovered in JFinal framework v4.9.10 and below. The "set" method of the "Controller" class of jfinal framework is not strictly filtered, which will lead to XSS vulnerabilities in some cases...
EUVD-2021-1510
Malware in sbrugna...
cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +164 more potentially affected by CVE-2024-22492 via com.jfinal:jfinal (>=1.4 <=5.0.0)
com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.2, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 and more Source cves: CVE-2024-22492 Source advisory: OSV:GHSA-859H-4W58-78XW...
cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +164 more potentially affected by CVE-2023-49447 via com.jfinal:jfinal (>=1.4 <=5.0.0)
com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.2, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 and more Source cves: CVE-2023-49447 Source advisory: OSV:GHSA-32J2-C7MX-V4JJ...
cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +164 more potentially affected by CVE-2023-49380 via com.jfinal:jfinal (>=1.4 <=5.0.0)
com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.2, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 and more Source cves: CVE-2023-49380 Source advisory: OSV:GHSA-765F-3MGX-24PW...
JFinal Security Vulnerability
JFinal is a Java-based web + ORM open source framework. A security vulnerability exists in JFinal version v.4.9.08, which stems from allowing remote attackers to execute arbitrary code via template functions...
JFinal Cross-Site Scripting Vulnerability
JFinal is a Java-based web + ORM open source framework. JFinal version 5.1.0 suffers from a cross-site scripting vulnerability that stems from not filtering user input, resulting in cross-site scripting...
JFinal SQL Injection Vulnerability
JFinal is a Java-based web + ORM open source framework. JFinal CMS version 5.1.0 has a SQL injection vulnerability that stems from the lack of measures to prevent SQL injection, resulting in SQL injection...
JFinal SQL Injection Vulnerability
JFinal is a Java-based web + ORM open source framework. A SQL injection vulnerability exists in JFinal CMS 5.1.0. The vulnerability stems from the id, name, menu key interface not using the same components; there is no filter, but each uses its own SQL connection, resulting in SQL...
CVE-2022-38280
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/image/list...
JFinal SQL Injection Vulnerability
JFinal is a Java-based web + ORM open source framework. JFinal CMS version 5.1.0 has a security vulnerability that stems from a SQL injection vulnerability in /admin/article/listapprove...
JFinal SQL Injection Vulnerability
JFinal is a Java-based web + ORM open source framework. JFinal CMS version 5.1.0 has a security vulnerability that stems from a SQL injection vulnerability in /admin/imagealbum/list...
JFinal SQL Injection Vulnerability
JFinal is a Java-based web + ORM open source framework. JFinal CMS version 5.1.0 has a security vulnerability that stems from a SQL injection vulnerability in /admin/site/list...
JFinal SQL Injection Vulnerability
JFinal is a Java-based web + ORM open source framework. JFinal CMS version 5.1.0 has a security vulnerability that stems from a SQL injection vulnerability in /admin/friendlylink/list...
GitHub Security Lab: [Java]: CWE-073 - File path injection with the JFinal framework
This bug was reported directly to GitHub Security Lab...
GHSA-2C25-XFPQ-8W9R Cross-site scripting in jfinal
An issue was discovered in JFinal framework v4.9.10 and below. The "set" method of the "Controller" class of jfinal framework is not strictly filtered, which will lead to XSS vulnerabilities in some cases...
CVE-2021-33348
An issue was discovered in JFinal framework v4.9.10 and below. The "set" method of the "Controller" class of jfinal framework is not strictly filtered, which will lead to XSS vulnerabilities in some cases...
CVE-2021-33348
An issue was discovered in JFinal framework v4.9.10 and below. The "set" method of the "Controller" class of jfinal framework is not strictly filtered, which will lead to XSS vulnerabilities in some cases...
CVE-2021-33348
CVE-2021-33348 affects JFinal framework v4.9.10 and earlier. The issue is that the Controller.set method is not strictly filtered, which can lead to cross-site scripting (XSS) vulnerabilities in some scenarios. This is supported by multiple sources in the connected documents (NVD entry, Red Hat a...
CVE-2021-33348
An issue was discovered in JFinal framework v4.9.10 and below. The "set" method of the "Controller" class of jfinal framework is not strictly filtered, which will lead to XSS vulnerabilities in some cases...