99 matches found
CVE-2024-57769
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component borrowmoney/listData?applyUser...
CVE-2024-57771
A cross-site scripting XSS vulnerability in the common/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2024-57770
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component apply/saveoaContractApply.id...
CVE-2024-57776
A cross-site scripting XSS vulnerability in the /apply/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
JFinalOA 安全漏洞
JFinalOA is an enterprise office system based on the JFinal framework developed by rabbit individual developers. A security vulnerability exists in JFinalOA versions prior to v2025.01.01, which stems from the discovery of an SQL injection vulnerability via the component getWorkFlowHis?insid...
CVE-2024-57772
A cross-site scripting XSS vulnerability in the /bumph/getDraftListPage?type interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2024-57769
CVE-2024-57769 affects JFinalOA prior to 2025.01.01, where a SQL injection flaw exists in the component borrowmoney/listData?applyUser . The issue is caused by improper handling of user input in this endpoint, enabling high-severity (C/H, I/H, A/H) impact per CVSS 3.1 with NETWORK attack vector, ...
CVE-2024-57768
CVE-2024-57768 affects JFinalOA prior to 2025.01.01 and is due to a SQL injection in the component validRoleKey?sysRole.key. Reported CVSSv3.1 base score 9.8 (CRITICAL) with network attack vector, no privileges, no user interaction required, and high impact on confidentiality, integrity, and avai...
PT-2025-3566 · Jfinaloa · Jfinaloa
Name of the Vulnerable Software and Affected Versions: JFinalOA versions prior to 2025.01.01 Description: A cross-site scripting XSS issue in the "/bumph/getDraftListPage?type" interface allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Recommendations: For versions...
PT-2025-3562 · Jfinaloa · Jfinaloa
Name of the Vulnerable Software and Affected Versions: JFinalOA versions prior to v2025.01.01 Description: The issue is a SQL injection vulnerability via the component validRoleKey?sysRole.key. This vulnerability allows for the injection of malicious SQL code, potentially leading to unauthorized...
JFinalOA 安全漏洞
JFinalOA is an enterprise office system developed on the JFinal framework by rabbit individual developers. A security vulnerability exists in JFinalOA versions prior to v2025.01.01. An attacker exploiting this vulnerability could execute arbitrary web script or HTML via a specially crafted payloa...
JFinalOA 安全漏洞
JFinalOA is an enterprise office system based on the JFinal framework developed by rabbit individual developers. A security vulnerability exists in JFinalOA versions prior to v2025.01.01, which stems from the discovery of an SQL injection vulnerability via the component...
CVE-2024-57770
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component apply/saveoaContractApply.id...
CVE-2024-57771
A cross-site scripting XSS vulnerability in the common/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2024-57776
A cross-site scripting XSS vulnerability in the /apply/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2024-57774
A cross-site scripting XSS vulnerability in the getBusinessUploadListPage?busid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2024-57772
A cross-site scripting XSS vulnerability in the /bumph/getDraftListPage?type interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2024-57769
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component borrowmoney/listData?applyUser...
CVE-2024-57775
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component getWorkFlowHis?insid...
JFinalOA 安全漏洞
JFinalOA is an enterprise office system developed on the JFinal framework by rabbit individual developers. A security vulnerability exists in JFinalOA versions prior to v2025.01.01. An attacker exploiting this vulnerability could execute arbitrary web script or HTML via a specially crafted payloa...