531 matches found
JFinalCMS v5.0.0 - Directory Traversal
An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal.
id: CVE-2023-41599
info:
  name: JFinalCMS v5.0.0 - Directory Traversal
  author: pussycat0x
  severity: medium
  description: |
    An issue in the component /common/DownController.ja...
CVE-2026-2200
A weakness has been identified in heyewei JFinalCMS 5.0.0. This affects an unknown function of the file /admin/admin/save of the component API Endpoint. Executing a manipulation can lead to cross site scripting. The attack can be launched remotely. The exploit has been made available to the publi...
CVE-2026-2200 heyewei JFinalCMS API Endpoint save cross site scripting
A weakness has been identified in heyewei JFinalCMS 5.0.0. This affects an unknown function of the file /admin/admin/save of the component API Endpoint. Executing a manipulation can lead to cross site scripting. The attack can be launched remotely. The exploit has been made available to the publi...
CVE-2026-2200
CVE-2026-2200 affects heyewei JFinalCMS 5.0.0. The weakness is in the API endpoint file /admin/admin/save; input manipulation can cause cross-site scripting. Exploitation is possible remotely and public exploits exist. The provided sources do not specify a remediation or patch version.
PT-2026-7044
A weakness has been identified in heyewei JFinalCMS 5.0.0. This affects an unknown function of the file /admin/admin/save of the component API Endpoint. Executing a manipulation can lead to cross site scripting. The attack can be launched remotely. The exploit has been made available to the publi...
JFinalCMS Code Injection Vulnerability
JFinalCMS is a content management system developed by heyewei, an individual developer. JFinalCMS version 5.0.0 has a code injection vulnerability. This vulnerability stems from incorrect operations with the component API endpoints related to files and the ‘admin/admin/save’ endpoint, which may le...
CVE-2023-50449
JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter...
CVE-2023-50100
JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via carousel image editing...
CVE-2023-50101
JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via Label management editing...
CVE-2023-50136
Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the name field when creating a new custom table...
CVE-2023-49447
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/update...
CVE-2023-49375
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friendlink/update...
CVE-2023-49485
JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department...
CVE-2023-49377
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/update...
CVE-2023-49395
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/update...
CVE-2023-49382
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/delete...
CVE-2023-49373
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/slide/delete...
CVE-2023-49378
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/form/save...