8 matches found
CVE-2023-22975
A cross-site scripting XSS vulnerability in JFinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter under /front/person/profile.html...
CVE-2022-34928
JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via /system/user...
Sql injection
JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via /system/user...
Sql injection
Jfinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via the attrVal parameter at /jfinalcms/system/dict/list...
Design/Logic Flaw
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module...
CVE-2022-33114
Jfinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via the attrVal parameter at /jfinalcms/system/dict/list...
Cross site scripting
A cross-site scripting XSS vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request...
CVE-2022-29648
A cross-site scripting XSS vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request...