Lucene search
K

593 matches found

OSV
OSV
added 2024/12/02 12:0 a.m.6 views

CVE-2024-53477

JFinal CMS 5.1.0 is vulnerable to Command Execution via unauthorized execution of deserialization in the file ApiForm.java...

9.8CVSS7.4AI score0.00847EPSS
Exploits0References4
CVE
CVE
added 2024/12/02 12:0 a.m.111 views

CVE-2024-53477

CVE-2024-53477 affects JFinal CMS 5.1.0. The vulnerability is due to unauthorized deserialization in ApiForm.java, enabling remote command execution (described as a total impact on confidentiality, integrity, and availability with network attack vector and no user interaction). The CVSS v3.1 vect...

9.8CVSS6.9AI score0.00847EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/09/13 12:0 a.m.6 views

PT-2024-39248 · Jfinalcms · Jfinalcms

Name of the Vulnerable Software and Affected Versions: JFinalCMS versions up to 1.0 Description: A critical issue affects the delete function of the file /admin/template/edit. The manipulation of the name argument leads to path traversal, allowing an attacker to delete arbitrary files. This issue...

9.8CVSS6.8AI score0.00725EPSS
Exploits1References10
OSV
OSV
added 2024/09/12 12:15 a.m.5 views

CVE-2024-8706

A vulnerability was found in JFinalCMS up to 20240903. It has been classified as problematic. This affects the function update of the file /admin/template/update of the component com.cms.util.TemplateUtils. The manipulation of the argument fileName leads to path traversal. It is possible to...

6.5CVSS4.8AI score0.00749EPSS
Exploits1References5
Veracode
Veracode
added 2024/07/31 5:46 a.m.14 views

Cross-Site Scripting (XSS)

com.jfinal, jfinal is vulnerable to Cross-site scripting. The vulnerability is due to improper input validation in the Title parameter in the /admin/content file, which can be manipulated to inject malicious scripts. Attackers can exploit this vulnerability remotely to execute arbitrary scripts i...

5.4CVSS7.2AI score0.00364EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2024/07/18 6:43 a.m.20 views

SQL Injection

com.jfinal, jfinal is vulnerable to SQL injection. The vulnerability is due to improper input validation in the DivDataControllerdata method, allowing attackers to execute arbitrary SQL commands by manipulating the tableName field of a custom div object. Attackers can exploit this flaw by creatin...

8.8CVSS8.3AI score0.00433EPSS
Exploits1References2Affected Software1
Veracode
Veracode
added 2024/01/25 6:0 a.m.27 views

Cross Site Scripting (XSS)

com.jfinal: jfinal is vulnerable to Cross Site Scripting XSS. The vulnerability is due to improper handling of the password parameter within the /admin/login route . This allows attackers to execute arbitrary code via crafted malicious URLs, resulting in Cross-Site Scripting...

6.1CVSS7.1AI score0.00435EPSS
Exploits1References2Affected Software1
vulnersOsv
vulnersOsv
added 2024/01/23 9:30 p.m.7 views

cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +164 more potentially affected by CVE-2024-22497 via com.jfinal:jfinal (>=1.4 <=5.0.0)

com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.2, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 and more Source cves: CVE-2024-22497 Source advisory: OSV:GHSA-QH2W-9M7W-HJG2...

6.1CVSS6.3AI score0.00435EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2024/01/23 6:31 p.m.5 views

cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +164 more potentially affected by CVE-2024-22496 via com.jfinal:jfinal (>=1.4 <=5.0.0)

com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.2, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 and more Source cves: CVE-2024-22496 Source advisory: OSV:GHSA-V435-PFJ6-68R3...

6.1CVSS6.3AI score0.00435EPSS
Exploits1
CNNVD
CNNVD
added 2024/01/23 12:0 a.m.6 views

JFinal Cross-Site Scripting Vulnerability

JFinal is a Java language based WEB + ORM open source framework. A cross-site scripting vulnerability exists in JFinal version 5.0.0, which originates from allowing an attacker to run arbitrary code via the /admin/login username parameter...

6.1CVSS6.6AI score0.00435EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/01/23 12:0 a.m.6 views

JFinal Cross-Site Scripting Vulnerability

JFinal is a Java language based WEB + ORM open source framework. A cross-site scripting vulnerability exists in JFinal version 5.0.0, which originates from allowing an attacker to run arbitrary code via the /admin/login password parameter...

6.1CVSS6.8AI score0.00435EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2024/01/12 6:30 p.m.6 views

cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +164 more potentially affected by CVE-2024-22493 via com.jfinal:jfinal (>=1.4 <=5.0.0)

com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.2, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 and more Source cves: CVE-2024-22493 Source advisory: OSV:GHSA-3J4X-9Q9Q-3277...

5.4CVSS6AI score0.00556EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2024/01/12 6:30 p.m.8 views

cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +164 more potentially affected by CVE-2024-22492 via com.jfinal:jfinal (>=1.4 <=5.0.0)

com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.2, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 and more Source cves: CVE-2024-22492 Source advisory: OSV:GHSA-859H-4W58-78XW...

5.4CVSS6AI score0.00556EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2024/01/12 6:30 p.m.27 views

Cross-site Scripting in JFinal

A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to inject arbitrary web script or HTML...

5.4CVSS6AI score0.00556EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2023/12/18 6:29 a.m.19 views

Cross Site Scripting (XSS)

com.jfinal:jfinal is vulnerable to Cross-site Scripting XSS. The vulnerability occurs due to insufficient user input sanitizations, which allows an authenticated attacker to inject and execute malicious javascript into the victim's browser...

5.4CVSS6.4AI score0.00428EPSS
Exploits1References2Affected Software1
Veracode
Veracode
added 2023/12/18 6:15 a.m.16 views

Cross Site Scripting (XSS)

com.jfinal:jfinal is vulnerable to Cross-site Scripting XSS. Lack of proper validation for user input within the library's label management feature, exposes a Cross-Site Scripting XSS vulnerability which allows an authenticated attacker to inject malicious scripts into labels, which are then...

5.4CVSS5.5AI score0.00439EPSS
Exploits1References2Affected Software1
vulnersOsv
vulnersOsv
added 2023/12/14 6:30 p.m.3 views

cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +164 more potentially affected by CVE-2023-50100 via com.jfinal:jfinal (>=1.4 <=5.0.0)

com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.2, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 and more Source cves: CVE-2023-50100 Source advisory: OSV:GHSA-3HF6-F8CH-5869...

5.4CVSS6AI score0.00444EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2023/12/14 6:30 p.m.6 views

cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +164 more potentially affected by CVE-2023-50101 via com.jfinal:jfinal (>=1.4 <=5.0.0)

com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.2, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 and more Source cves: CVE-2023-50101 Source advisory: OSV:GHSA-M3P6-43XJ-PF9V...

5.4CVSS6AI score0.00439EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2023/12/14 6:30 p.m.5 views

cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +164 more potentially affected by CVE-2023-50102 via com.jfinal:jfinal (>=1.4 <=5.0.0)

com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.2, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 and more Source cves: CVE-2023-50102 Source advisory: OSV:GHSA-P3PH-6245-4WFC...

5.4CVSS6AI score0.00428EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2023/12/14 6:30 p.m.5 views

cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +164 more potentially affected by CVE-2023-50137 via com.jfinal:jfinal (>=1.4 <=5.0.0)

com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.2, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 and more Source cves: CVE-2023-50137 Source advisory: OSV:GHSA-XV7P-JW46-8R85...

5.4CVSS6AI score0.00444EPSS
Exploits1
Rows per page
Query Builder