5 matches found
Cross-site Scripting (XSS)
com.jfinal:jfinal is vulnerable to cross-site scriptingXSS attacks. A remote attacker is able to inject and execute arbitrary javascript via a crafted payload injected into the keyword text field under the publish blog module...
GHSA-9PVQ-4CC7-24JG Cross-site Scripting in Jfinal CMS
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module...
Design/Logic Flaw
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module...
CVE-2022-33113
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module...
CVE-2022-33113
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module...