Lucene search
K

591 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 3:56 a.m.12 views

CVE-2023-34645

jfinal CMS 5.1.0 has an arbitrary file read vulnerability...

7.5CVSS7AI score0.00799EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 3:42 a.m.8 views

CVE-2023-30349

JFinal CMS v5.1.0 was discovered to contain a remote code execution RCE vulnerability via the ActionEnter function...

9.8CVSS8.2AI score0.01562EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:16 a.m.5 views

CVE-2023-22975

A cross-site scripting XSS vulnerability in JFinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter under /front/person/profile.html...

6.1CVSS5.8AI score0.00423EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:52 a.m.4 views

CVE-2023-24747

Jfinal CMS v5.1 was discovered to contain a cross-site scripting XSS vulnerability via the component /system/dict/list...

5.4CVSS6.2AI score0.00373EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:4 a.m.6 views

CVE-2022-37209

JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection...

8.8CVSS7.5AI score0.0112EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:36 a.m.14 views

CVE-2022-33114

Jfinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via the attrVal parameter at /jfinalcms/system/dict/list...

7.2CVSS8.3AI score0.00911EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:43 p.m.4 views

CVE-2022-34928

JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via /system/user...

8.8CVSS8.3AI score0.00755EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:18 p.m.4 views

CVE-2022-38279

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/imagealbum/list...

7.2CVSS7.1AI score0.00874EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:16 p.m.8 views

CVE-2022-36527

Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module...

5.4CVSS7.1AI score0.00413EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:16 p.m.4 views

CVE-2022-38285

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/menu/list...

7.2CVSS7.1AI score0.00874EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:16 p.m.3 views

CVE-2022-38276

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/foldernotice/list...

7.2CVSS7.1AI score0.00874EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:16 p.m.5 views

CVE-2022-38284

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/department/list...

7.2CVSS8.1AI score0.00874EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:13 p.m.15 views

CVE-2022-38275

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/contact/list...

7.2CVSS8.1AI score0.00874EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:11 p.m.10 views

CVE-2022-37223

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinalcms/system/role/list...

9.8CVSS8AI score0.00777EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:48 p.m.9 views

CVE-2022-30500

Jfinal cms 5.1.0 is vulnerable to SQL Injection...

9.8CVSS7.4AI score0.01011EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:44 p.m.7 views

CVE-2022-29648

A cross-site scripting XSS vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request...

5.4CVSS5.7AI score0.0048EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:49 p.m.7 views

CVE-2022-38280

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/image/list...

7.2CVSS8.1AI score0.00874EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:42 p.m.8 views

CVE-2021-31635

Server-Side Template Injection SSTI vulnerability in jFinal v.4.9.08 allows a remote attacker to execute arbitrary code via the template function...

9.8CVSS8AI score0.01206EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:4 p.m.5 views

CVE-2020-19148

Cross Site Scripting XSS in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code via the 'Nickname' parameter in the component '/jfinalcms/front/person/profile.html'...

5.4CVSS6.8AI score0.01049EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 5:4 p.m.7 views

CVE-2020-19150

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information or cause a denial of service via the 'FileManager.delete' function in the component 'modules/filemanager/FileManagerController.java'...

8.1CVSS7AI score0.03379EPSS
Exploits1
Rows per page
Query Builder