531 matches found
EUVD-2023-3209
Malicious code in bioql PyPI...
EUVD-2023-3186
Malicious code in bioql PyPI...
EUVD-2023-3192
Malicious code in bioql PyPI...
EUVD-2023-3180
Malicious code in bioql PyPI...
EUVD-2023-3252
Malicious code in bioql PyPI...
VulnCheck KEV: CVE-2023-41599
An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal...
CVE-2024-8782
A vulnerability was found in JFinalCMS up to 1.0. It has been rated as critical. This issue affects the function delete of the file /admin/template/edit. The manipulation of the argument name leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the publ...
CVE-2024-24375
SQL injection vulnerability in Jfinalcms v.5.0.0 allows a remote attacker to obtain sensitive information via /admin/admin name parameter...
CVE-2024-24029
JFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data...
CVE-2024-22496
Cross Site Scripting XSS vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the /admin/login username parameter...
CVE-2024-22492
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML...
CVE-2024-22494
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary web script or HTML...
CVE-2024-22493
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to inject arbitrary web script or HTML...
CVE-2024-22497
Cross Site Scripting XSS vulnerability in /admin/login password parameter in JFinalcms 5.0.0 allows attackers to run arbitrary code via crafted URL...
CVE-2024-12351
A vulnerability classified as critical has been found in JFinalCMS 1.0. This affects the function findPage of the file src\main\java\com\cms\entity\ContentModel.java of the component File Content Handler. The manipulation of the argument name leads to sql injection. It is possible to initiate the...
CVE-2024-5379
A vulnerability was found in JFinalCMS up to 20240111. It has been rated as problematic. This issue affects some unknown processing of the file /admin/template. The manipulation of the argument directory leads to cross site scripting. The attack may be initiated remotely. The exploit has been...
CVE-2024-5310
A vulnerability classified as problematic has been found in JFinalCMS up to 20221020. This affects an unknown part of the file /admin/content. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to th...
CVE-2024-12349
A vulnerability was found in JFinalCMS 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/tag/save. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the...
CVE-2024-40322
An issue was discovered in JFinalCMS v.5.0.0. There is a SQL injection vulnerablity via /admin/divdata/data...
CVE-2024-57665
JFinalCMS 1.0 is vulnerable to SQL Injection in rc/main/java/com/cms/entity/Content.java. The cause of the vulnerability is that the title parameter is controllable and is concatenated directly into filterSql without filtering...