Lucene search
+L

99 matches found

ptsecurity
ptsecurity
added 2025/01/16 12:0 a.m.10 views

PT-2025-3564 · Jfinaloa · Jfinaloa

Name of the Vulnerable Software and Affected Versions: JFinalOA versions prior to v2025.01.01 Description: A SQL injection issue was discovered in the component apply/saveoaContractApply.id. This allows for potential SQL injection attacks. Recommendations: For versions prior to v2025.01.01, updat...

8.8CVSS7.8AI score0.00568EPSS
Exploits1References5
vulnrichment
vulnrichment
added 2025/01/16 12:0 a.m.10 views

CVE-2024-57770

JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component apply/saveoaContractApply.id...

8.3AI score0.00568EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2025/01/16 12:0 a.m.7 views

CVE-2024-57776

A cross-site scripting XSS vulnerability in the /apply/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

4.7AI score0.00273EPSS
Exploits1References1
cnnvd
cnnvd
added 2025/01/16 12:0 a.m.3 views

JFinalOA 安全漏洞

JFinalOA is an enterprise office system based on the JFinal framework developed by rabbit individual developers. A security vulnerability exists in JFinalOA versions prior to v2025.01.01, which stems from the discovery of an SQL injection vulnerability via the component getWorkFlowHis?insid...

8.8CVSS7.9AI score0.00568EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2025/01/16 12:0 a.m.7 views

CVE-2024-57772

A cross-site scripting XSS vulnerability in the /bumph/getDraftListPage?type interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

5.8AI score0.00279EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2025/01/16 12:0 a.m.5 views

PT-2025-3566 · Jfinaloa · Jfinaloa

Name of the Vulnerable Software and Affected Versions: JFinalOA versions prior to 2025.01.01 Description: A cross-site scripting XSS issue in the "/bumph/getDraftListPage?type" interface allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Recommendations: For versions...

4.8CVSS5.7AI score0.00279EPSS
Exploits1References6
vulnrichment
vulnrichment
added 2025/01/16 12:0 a.m.10 views

CVE-2024-57774

A cross-site scripting XSS vulnerability in the getBusinessUploadListPage?busid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

5.8AI score0.00279EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2025/01/16 12:0 a.m.9 views

CVE-2024-57769

JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component borrowmoney/listData?applyUser...

8.5AI score0.00568EPSS
Exploits1References1
cnnvd
cnnvd
added 2025/01/16 12:0 a.m.4 views

JFinalOA 安全漏洞

JFinalOA is an enterprise office system based on the JFinal framework developed by rabbit individual developers. A security vulnerability exists in JFinalOA versions prior to v2025.01.01, which stems from the discovery of an SQL injection vulnerability via the component...

8.8CVSS7.9AI score0.00568EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2025/01/16 12:0 a.m.11 views

CVE-2024-57775

JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component getWorkFlowHis?insid...

9AI score0.00568EPSS
Exploits1References1
cnnvd
cnnvd
added 2025/01/16 12:0 a.m.4 views

JFinalOA 安全漏洞

JFinalOA is an enterprise office system developed on the JFinal framework by rabbit individual developers. A security vulnerability exists in JFinalOA versions prior to v2025.01.01. An attacker exploiting this vulnerability could execute arbitrary web script or HTML via a specially crafted payloa...

4.8CVSS6.5AI score0.00279EPSS
Exploits1References1
cve
cve
added 2025/01/16 12:0 a.m.57 views

CVE-2024-57774

CVE-2024-57774 describes a cross-site scripting (XSS) vulnerability in the getBusinessUploadListPage?busid interface of JFinalOA prior to v2025.01.01. The underlying issue is input handling in that interface allowing crafted payloads to execute arbitrary script/HTML in a victim’s browser. Affecte...

4.8CVSS5.9AI score0.00279EPSS
Exploits1References1Affected Software1
cve
cve
added 2025/01/16 12:0 a.m.76 views

CVE-2024-57768

CVE-2024-57768 affects JFinalOA prior to 2025.01.01 and is due to a SQL injection in the component validRoleKey?sysRole.key. Reported CVSSv3.1 base score 9.8 (CRITICAL) with network attack vector, no privileges, no user interaction required, and high impact on confidentiality, integrity, and avai...

9.8CVSS8.3AI score0.00477EPSS
Exploits1References1Affected Software1
ptsecurity
ptsecurity
added 2025/01/16 12:0 a.m.4 views

PT-2025-3565 · Jfinaloa · Jfinaloa

Name of the Vulnerable Software and Affected Versions: JFinalOA versions prior to 2025.01.01 Description: A cross-site scripting XSS issue in the "common/getEditPage?view" interface allows attackers to execute arbitrary web scripts or HTML via a crafted payload. This could potentially lead to the...

4.8CVSS5.9AI score0.00307EPSS
Exploits1References6
ptsecurity
ptsecurity
added 2025/01/16 12:0 a.m.4 views

PT-2025-3570 · Jfinaloa · Jfinaloa

Name of the Vulnerable Software and Affected Versions: JFinalOA versions prior to 2025.01.01 Description: A cross-site scripting XSS issue in the "/apply/getEditPage?view" interface allows attackers to execute arbitrary web scripts or HTML via a crafted payload. This enables the execution of...

4.6CVSS5.9AI score0.00273EPSS
Exploits1References7
cvelist
cvelist
added 2025/01/16 12:0 a.m.15 views

CVE-2024-57773

A cross-site scripting XSS vulnerability in the openSelectManyUserPage?orgid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

0.00279EPSS
Exploits1References1
cve
cve
added 2025/01/16 12:0 a.m.47 views

CVE-2024-57773

CVE-2024-57773 affects JFinalOA prior to 2025-01-01, with an XSS vulnerability in the openSelectManyUserPage?orgid interface. The underlying issue is a cross-site scripting flaw that could allow arbitrary web scripts/HTML via crafted payloads. The CVSSv3.1 base score is 4.8 (Medium) with Network ...

4.8CVSS5.9AI score0.00279EPSS
Exploits1References1Affected Software1
ptsecurity
ptsecurity
added 2025/01/16 12:0 a.m.5 views

PT-2025-3567 · Jfinaloa · Jfinaloa

Name of the Vulnerable Software and Affected Versions: JFinalOA versions prior to 2025.01.01 Description: A cross-site scripting XSS issue in the openSelectManyUserPage?orgid interface of JFinalOA allows attackers to execute arbitrary web scripts or HTML via a crafted payload. This enables the...

4.8CVSS5.9AI score0.00279EPSS
Exploits1References6
cnnvd
cnnvd
added 2025/01/16 12:0 a.m.3 views

JFinalOA 安全漏洞

JFinalOA is an enterprise office system developed on the JFinal framework by rabbit individual developers. A security vulnerability exists in JFinalOA versions prior to v2025.01.01. An attacker exploiting this vulnerability could execute arbitrary web script or HTML via a specially crafted payloa...

4.8CVSS6.5AI score0.00279EPSS
Exploits1References1
cnnvd
cnnvd
added 2025/01/16 12:0 a.m.2 views

JFinalOA 安全漏洞

JFinalOA is an enterprise office system based on the JFinal framework developed by rabbit individual developers. A security vulnerability exists in JFinalOA versions prior to v2025.01.01, which stems from the discovery of an SQL injection vulnerability via the component validRoleKey?sysRole.key...

9.8CVSS7.8AI score0.00477EPSS
Exploits1References1
Rows per page
Query Builder