11 matches found
CVE-2022-36527
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module...
CVE-2022-36527
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module...
Design/Logic Flaw
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module...
CVE-2022-36527
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module...
jfinal cms 跨站脚本漏洞
jfinal cms is a java development of powerful information consulting website , using a simple and powerful JFinal as the web framework , template engine with beetl , database with mysql , front-end bootstrap framework . A security vulnerability exists in jfinal cms version v5.1.0, which stems from...
Cross-site Scripting (XSS)
com.jfinal:jfinal is vulnerable to cross-site scriptingXSS attacks. A remote attacker is able to inject and execute arbitrary javascript via a crafted payload injected into the keyword text field under the publish blog module...
GHSA-9PVQ-4CC7-24JG Cross-site Scripting in Jfinal CMS
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module...
Cross-site Scripting in Jfinal CMS
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module...
CVE-2022-33113
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module...
CVE-2022-33113
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module...
CVE-2022-33113
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module...