Lucene search
+L

99 matches found

CVE
CVE
added 2025/01/16 12:0 a.m.49 views

CVE-2024-57773

CVE-2024-57773 affects JFinalOA prior to 2025-01-01, with an XSS vulnerability in the openSelectManyUserPage?orgid interface. The underlying issue is a cross-site scripting flaw that could allow arbitrary web scripts/HTML via crafted payloads. The CVSSv3.1 base score is 4.8 (Medium) with Network ...

4.8CVSS5.9AI score0.00279EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2025/01/16 12:0 a.m.5 views

JFinalOA 安全漏洞

JFinalOA is an enterprise office system developed on the JFinal framework by rabbit individual developers. A security vulnerability exists in JFinalOA versions prior to v2025.01.01. An attacker exploiting this vulnerability could execute arbitrary web script or HTML via a specially crafted payloa...

4.8CVSS6.5AI score0.00279EPSS
Exploits1References1
NVD
NVD
added 2023/02/09 11:15 a.m.25 views

CVE-2023-0758

A vulnerability was found in glorylion JFinalOA 1.0.2 and classified as critical. This issue affects some unknown processing of the file src/main/java/com/pointlion/mvc/common/model/SysOrg.java. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The...

9.8CVSS7.4AI score0.00608EPSS
Exploits0References3
OSV
OSV
added 2023/02/09 11:15 a.m.8 views

CVE-2023-0758

A vulnerability was found in glorylion JFinalOA 1.0.2 and classified as critical. This issue affects some unknown processing of the file src/main/java/com/pointlion/mvc/common/model/SysOrg.java. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The...

9.8CVSS5.7AI score0.00608EPSS
Exploits0References3
Prion
Prion
added 2023/02/09 11:15 a.m.25 views

Sql injection

A vulnerability was found in glorylion JFinalOA 1.0.2 and classified as critical. This issue affects some unknown processing of the file src/main/java/com/pointlion/mvc/common/model/SysOrg.java. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The...

6.5CVSS9.7AI score0.00608EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/02/09 10:59 a.m.33 views

CVE-2023-0758 glorylion JFinalOA SysOrg.java sql injection

A vulnerability was found in glorylion JFinalOA 1.0.2 and classified as critical. This issue affects some unknown processing of the file src/main/java/com/pointlion/mvc/common/model/SysOrg.java. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The...

6.5CVSS10AI score0.00608EPSS
Exploits0References3
CVE
CVE
added 2023/02/09 10:59 a.m.57 views

CVE-2023-0758

CVE-2023-0758 affects glorylion JFinalOA 1.0.2. A SQL injection flaw arises from the id parameter in SysOrg.java (src/main/java/com/pointlion/mvc/common/model/SysOrg.java). The issue can be exploited remotely and leads to high impact on confidentiality, integrity, and availability. Multiple conne...

9.8CVSS8.3AI score0.00608EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/02/09 12:0 a.m.13 views

PT-2023-16506 · Glorylion · Jfinaloa

Name of the Vulnerable Software and Affected Versions: glorylion JFinalOA version 1.0.2 Description: A critical issue affects the processing of the file src/main/java/com/pointlion/mvc/common/model/SysOrg.java, where the manipulation of the id argument leads to sql injection. The attack can be...

9.8CVSS6.9AI score0.00608EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/02/09 12:0 a.m.8 views

JFinalOA SQL注入漏洞

JFinalOA is an enterprise office system based on the JFinal framework. A SQL injection vulnerability exists in JFinalOA version 1.0.2, which originates from the id parameter of the src/main/java/com/pointlion/mvc/common/model/SysOrg.java file that could lead to SQL injection...

9.8CVSS7.2AI score0.00608EPSS
Exploits0References4
CNVD
CNVD
added 2022/03/31 12:0 a.m.35 views

JFinalOA SQL Injection Vulnerability

JFinalOA is an enterprise office system developed based on the JFinal framework.JFinalOA has a SQL injection vulnerability that can be exploited by attackers to execute arbitrary SQL statements...

6.5CVSS5.3AI score0.0108EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/03/30 9:15 p.m.5 views

CVE-2021-40645

An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter getHaveDoneTaskDataList method of the FlowTaskController...

6.5CVSS6.7AI score0.0108EPSS
Exploits1References3
NVD
NVD
added 2022/03/30 9:15 p.m.23 views

CVE-2021-40645

An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter getHaveDoneTaskDataList method of the FlowTaskController...

6.5CVSS0.0108EPSS
Exploits1References2
OSV
OSV
added 2022/03/30 9:15 p.m.6 views

CVE-2021-40645

An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter getHaveDoneTaskDataList method of the FlowTaskController...

6.5CVSS5.8AI score0.0108EPSS
Exploits1References2
Prion
Prion
added 2022/03/30 9:15 p.m.21 views

Sql injection

An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter getHaveDoneTaskDataList method of the FlowTaskController...

4CVSS7AI score0.0108EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/03/30 8:56 p.m.72 views

CVE-2021-40645

glorylion JFinalOA contains an SQL injection in the defkey parameter of FlowTaskController.getHaveDoneTaskDataList. The root cause is improper handling of the defkey input, enabling arbitrary SQL execution with potential HIGH confidentiality impact. Affected versions/details are not provided in t...

6.5CVSS7AI score0.0108EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/03/30 8:56 p.m.24 views

CVE-2021-40645

An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter getHaveDoneTaskDataList method of the FlowTaskController...

7.3AI score0.0108EPSS
Exploits1References2
CNVD
CNVD
added 2021/02/25 12:0 a.m.3 views

SQL Injection Vulnerability in JFinalOA

JFinalOA is based on the JFinal framework for the development of enterprise office systems . JFinalOA has a SQL injection vulnerability that can be exploited by an attacker to obtain sensitive information from the database...

7.4AI score
Exploits0
CNVD
CNVD
added 2020/12/14 12:0 a.m.6 views

SQL Injection Vulnerability in JFinalOA Frontend

JFinalOA is based on the JFinal framework for the development of enterprise office systems . JFinalOA front-end SQL injection vulnerability can be exploited by attackers to obtain sensitive database information...

7.9AI score
Exploits0
CNVD
CNVD
added 2020/09/28 12:0 a.m.1 views

SQL Injection Vulnerability in JfinalOA

JfinalOA is a set of open source office OA system development framework. JfinalOA SQL injection vulnerability , an attacker can exploit the vulnerability to obtain sensitive database information...

7.7AI score
Exploits0
Rows per page
Query Builder