CVE-2026-2200 heyewei JFinalCMS API Endpoint save cross site scripting

A weakness has been identified in heyewei JFinalCMS 5.0.0. This affects an unknown function of the file /admin/admin/save of the component API Endpoint. Executing a manipulation can lead to cross site scripting. The attack can be launched remotely. The exploit has been made available to the publi...

CVE-2026-2200

CVE-2026-2200 affects heyewei JFinalCMS 5.0.0. The weakness is in the API endpoint file /admin/admin/save; input manipulation can cause cross-site scripting. Exploitation is possible remotely and public exploits exist. The provided sources do not specify a remediation or patch version.

CVE-2023-50101

JFinalcms 5.0.0 is vulnerable to Cross Site Scripting XSS via Label management editing...

EUVD-2024-21455

Malicious code in bioql PyPI...

CVE-2024-22494

A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary web script or HTML...

CVE-2024-22493

A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to inject arbitrary web script or HTML...

CVE-2024-22497

Cross Site Scripting XSS vulnerability in /admin/login password parameter in JFinalcms 5.0.0 allows attackers to run arbitrary code via crafted URL...

CVE-2024-24029

JFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data...

CVE-2024-24029

JFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data...

Sql injection

JFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data...

JFinalCMS Security Vulnerability

JFinalCMS is a content management system by heyewei personal developer. A security vulnerability exists in JFinalCMS version 5.0.0, which was discovered to contain an SQL injection vulnerability via /admin/content/data...

CVE-2024-24029

JFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data...

CVE-2024-22497

Cross Site Scripting XSS vulnerability in /admin/login password parameter in JFinalcms 5.0.0 allows attackers to run arbitrary code via crafted URL...

Cross-site Scripting in JFinal

Cross Site Scripting XSS vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the /admin/login username parameter...

CVE-2024-22496

Cross Site Scripting XSS vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the /admin/login username parameter...

Cross site scripting

Cross Site Scripting XSS vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the /admin/login username parameter...

CVE-2024-22496

Cross Site Scripting XSS vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the /admin/login username parameter...

CVE-2024-22497

Cross Site Scripting XSS vulnerability in /admin/login password parameter in JFinalcms 5.0.0 allows attackers to run arbitrary code via crafted URL...

CVE-2024-22497

Cross Site Scripting XSS vulnerability in /admin/login password parameter in JFinalcms 5.0.0 allows attackers to run arbitrary code via crafted URL...

CVE-2024-22497

CVE-2024-22497 : A cross-site scripting (XSS) vulnerability affects JFinalcms 5.0.0, arising from handling of the password parameter in the /admin/login route. Exploitation via crafted URLs may allow an attacker to run arbitrary code. Multiple feeds (NVD, Red Hat, Veracode, OSV, GHSA, CNNVD, CVE ...