99 matches found
PT-2025-3567 · Jfinaloa · Jfinaloa
Name of the Vulnerable Software and Affected Versions: JFinalOA versions prior to 2025.01.01 Description: A cross-site scripting XSS issue in the openSelectManyUserPage?orgid interface of JFinalOA allows attackers to execute arbitrary web scripts or HTML via a crafted payload. This enables the...
CVE-2024-57775
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component getWorkFlowHis?insid...
CVE-2024-57768
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component validRoleKey?sysRole.key...
JFinalOA 安全漏洞
JFinalOA is an enterprise office system developed on the JFinal framework by rabbit individual developers. A security vulnerability exists in JFinalOA versions prior to v2025.01.01. An attacker exploiting this vulnerability could execute arbitrary web script or HTML via a specially crafted payloa...
JFinalOA 安全漏洞
JFinalOA is an enterprise office system based on the JFinal framework developed by rabbit individual developers. A security vulnerability exists in JFinalOA versions prior to v2025.01.01, which stems from the discovery of an SQL injection vulnerability via the component validRoleKey?sysRole.key...
JFinalOA 安全漏洞
JFinalOA is an enterprise office system based on the JFinal framework developed by rabbit individual developers. A security vulnerability exists in JFinalOA versions prior to v2025.01.01, which was discovered to contain an SQL injection vulnerability via the component apply/saveoaContractApply.id...
CVE-2024-57773
A cross-site scripting XSS vulnerability in the openSelectManyUserPage?orgid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2024-57768
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component validRoleKey?sysRole.key...
PT-2025-3568 · Jfinaloa · Jfinaloa
Name of the Vulnerable Software and Affected Versions: JFinalOA versions prior to v2025.01.01 Description: A cross-site scripting XSS vulnerability in the "getBusinessUploadListPage?busid" interface of JFinalOA allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
JFinalOA 安全漏洞
JFinalOA is an enterprise office system developed on the JFinal framework by rabbit individual developers. A security vulnerability exists in JFinalOA versions prior to v2025.01.01. An attacker exploiting this vulnerability could execute arbitrary web script or HTML via a specially crafted payloa...
JFinalOA 安全漏洞
JFinalOA is an enterprise office system developed on the JFinal framework by rabbit individual developers. A security vulnerability exists in JFinalOA versions prior to v2025.01.01. An attacker exploiting this vulnerability could execute arbitrary web script or HTML via a specially crafted payloa...
CVE-2024-57775
CVE-2024-57775 affects JFinalOA prior to v2025.01.01, with a SQL injection in the getWorkFlowHis?insid component. The vulnerability is documented across multiple feeds; impact is high (CVE CVSS 3.1: HIGH, network attack, no user interaction). A fix is indicated by the stated version boundary, sug...
CVE-2024-57769
CVE-2024-57769 affects JFinalOA prior to 2025.01.01, where a SQL injection flaw exists in the component borrowmoney/listData?applyUser . The issue is caused by improper handling of user input in this endpoint, enabling high-severity (C/H, I/H, A/H) impact per CVSS 3.1 with NETWORK attack vector, ...
CVE-2024-57772
CVE-2024-57772 describes an XSS vulnerability in JFinalOA affecting the web path "/bumph/getDraftListPage?type". Affected versions are those prior to 2025.01.01. Exploitation could allow an attacker to execute arbitrary web scripts or HTML via a crafted payload, with impact described as partial c...
CVE-2024-57770
CVE-2024-57770 affects JFinalOA prior to v2025.01.01, with a SQL injection vulnerability in the component apply/save#oaContractApply.id. The issue’s root cause is an input handling flaw that enables injectable SQL strings via that parameter, leading to potential confidentiality, integrity, and av...
CVE-2024-57774
CVE-2024-57774 describes a cross-site scripting (XSS) vulnerability in the getBusinessUploadListPage?busid interface of JFinalOA prior to v2025.01.01. The underlying issue is input handling in that interface allowing crafted payloads to execute arbitrary script/HTML in a victim’s browser. Affecte...
PT-2025-3564 · Jfinaloa · Jfinaloa
Name of the Vulnerable Software and Affected Versions: JFinalOA versions prior to v2025.01.01 Description: A SQL injection issue was discovered in the component apply/saveoaContractApply.id. This allows for potential SQL injection attacks. Recommendations: For versions prior to v2025.01.01, updat...
CVE-2024-57776
The CVE-2024-57776 affects JFinalOA: an XSS in the /apply/getEditPage?view interface on versions prior to 2025.01.01. Root cause is improper handling of crafted payloads leading to execution of arbitrary web scripts/HTML. Impact is cross-site script execution in the victim’s browser. remediation:...
CVE-2024-57771
Summary of CVE-2024-57771 (JFinalOA): A cross-site scripting (XSS) vulnerability exists in thecommon/getEditPage?view interface of JFinalOA, affecting versions prior to 2025.01.01. The issue arises from how input to that interface is handled, allowing attackers to inject arbitrary web scripts or ...
CVE-2024-57773
CVE-2024-57773 affects JFinalOA prior to 2025-01-01, with an XSS vulnerability in the openSelectManyUserPage?orgid interface. The underlying issue is a cross-site scripting flaw that could allow arbitrary web scripts/HTML via crafted payloads. The CVSSv3.1 base score is 4.8 (Medium) with Network ...