593 matches found
CVE-2024-53477
JFinal CMS 5.1.0 is vulnerable to Command Execution via unauthorized execution of deserialization in the file ApiForm.java...
CVE-2024-53477
CVE-2024-53477 affects JFinal CMS 5.1.0. The vulnerability is due to unauthorized deserialization in ApiForm.java, enabling remote command execution (described as a total impact on confidentiality, integrity, and availability with network attack vector and no user interaction). The CVSS v3.1 vect...
PT-2024-39248 · Jfinalcms · Jfinalcms
Name of the Vulnerable Software and Affected Versions: JFinalCMS versions up to 1.0 Description: A critical issue affects the delete function of the file /admin/template/edit. The manipulation of the name argument leads to path traversal, allowing an attacker to delete arbitrary files. This issue...
CVE-2024-8706
A vulnerability was found in JFinalCMS up to 20240903. It has been classified as problematic. This affects the function update of the file /admin/template/update of the component com.cms.util.TemplateUtils. The manipulation of the argument fileName leads to path traversal. It is possible to...
Cross-Site Scripting (XSS)
com.jfinal, jfinal is vulnerable to Cross-site scripting. The vulnerability is due to improper input validation in the Title parameter in the /admin/content file, which can be manipulated to inject malicious scripts. Attackers can exploit this vulnerability remotely to execute arbitrary scripts i...
SQL Injection
com.jfinal, jfinal is vulnerable to SQL injection. The vulnerability is due to improper input validation in the DivDataControllerdata method, allowing attackers to execute arbitrary SQL commands by manipulating the tableName field of a custom div object. Attackers can exploit this flaw by creatin...
Cross Site Scripting (XSS)
com.jfinal: jfinal is vulnerable to Cross Site Scripting XSS. The vulnerability is due to improper handling of the password parameter within the /admin/login route . This allows attackers to execute arbitrary code via crafted malicious URLs, resulting in Cross-Site Scripting...
cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +164 more potentially affected by CVE-2024-22497 via com.jfinal:jfinal (>=1.4 <=5.0.0)
com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.2, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 and more Source cves: CVE-2024-22497 Source advisory: OSV:GHSA-QH2W-9M7W-HJG2...
cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +164 more potentially affected by CVE-2024-22496 via com.jfinal:jfinal (>=1.4 <=5.0.0)
com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.2, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 and more Source cves: CVE-2024-22496 Source advisory: OSV:GHSA-V435-PFJ6-68R3...
JFinal Cross-Site Scripting Vulnerability
JFinal is a Java language based WEB + ORM open source framework. A cross-site scripting vulnerability exists in JFinal version 5.0.0, which originates from allowing an attacker to run arbitrary code via the /admin/login username parameter...
JFinal Cross-Site Scripting Vulnerability
JFinal is a Java language based WEB + ORM open source framework. A cross-site scripting vulnerability exists in JFinal version 5.0.0, which originates from allowing an attacker to run arbitrary code via the /admin/login password parameter...
cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +164 more potentially affected by CVE-2024-22493 via com.jfinal:jfinal (>=1.4 <=5.0.0)
com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.2, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 and more Source cves: CVE-2024-22493 Source advisory: OSV:GHSA-3J4X-9Q9Q-3277...
cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +164 more potentially affected by CVE-2024-22492 via com.jfinal:jfinal (>=1.4 <=5.0.0)
com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.2, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 and more Source cves: CVE-2024-22492 Source advisory: OSV:GHSA-859H-4W58-78XW...
Cross-site Scripting in JFinal
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to inject arbitrary web script or HTML...
Cross Site Scripting (XSS)
com.jfinal:jfinal is vulnerable to Cross-site Scripting XSS. The vulnerability occurs due to insufficient user input sanitizations, which allows an authenticated attacker to inject and execute malicious javascript into the victim's browser...
Cross Site Scripting (XSS)
com.jfinal:jfinal is vulnerable to Cross-site Scripting XSS. Lack of proper validation for user input within the library's label management feature, exposes a Cross-Site Scripting XSS vulnerability which allows an authenticated attacker to inject malicious scripts into labels, which are then...
cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +164 more potentially affected by CVE-2023-50100 via com.jfinal:jfinal (>=1.4 <=5.0.0)
com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.2, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 and more Source cves: CVE-2023-50100 Source advisory: OSV:GHSA-3HF6-F8CH-5869...
cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +164 more potentially affected by CVE-2023-50101 via com.jfinal:jfinal (>=1.4 <=5.0.0)
com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.2, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 and more Source cves: CVE-2023-50101 Source advisory: OSV:GHSA-M3P6-43XJ-PF9V...
cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +164 more potentially affected by CVE-2023-50102 via com.jfinal:jfinal (>=1.4 <=5.0.0)
com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.2, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 and more Source cves: CVE-2023-50102 Source advisory: OSV:GHSA-P3PH-6245-4WFC...
cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +164 more potentially affected by CVE-2023-50137 via com.jfinal:jfinal (>=1.4 <=5.0.0)
com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.2, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 and more Source cves: CVE-2023-50137 Source advisory: OSV:GHSA-XV7P-JW46-8R85...