2 matches found
cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +164 more potentially affected by CVE-2023-49448 via com.jfinal:jfinal (>=1.4 <=5.0.0)
com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.2, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 and more Source cves: CVE-2023-49448 Source advisory: OSV:GHSA-PV3G-VC3Q-8C9G...
CVE-2023-49448
JFinalCMS v5.0.0 is affected by a Cross-Site Request Forgery (CSRF) vulnerability in the admin/nav/delete endpoint. The CVE-2023-49448 entry identifies a CSRF issue with high impact to confidentiality, integrity, and availability (CVSS v3.1: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). No exploitation d...