Lucene search
K

9 matches found

OSV
OSV
added 2023/12/05 3:30 p.m.6 views

GHSA-5F56-H6FG-RCRH Cross-Site Request Forgery in JFinalCMS via /admin/category/updateStatus

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/category/updateStatus...

8.8CVSS7.2AI score0.00391EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2023/12/05 3:15 p.m.3 views

CVE-2023-49397

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/category/updateStatus...

8.8CVSS5.8AI score0.00391EPSS
Exploits1References2
NVD
NVD
added 2023/12/05 3:15 p.m.20 views

CVE-2023-49397

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/category/updateStatus...

8.8CVSS0.00391EPSS
Exploits1References1
OSV
OSV
added 2023/12/05 3:15 p.m.14 views

CVE-2023-49397

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/category/updateStatus...

8.8CVSS8.9AI score
Exploits0References1
Prion
Prion
added 2023/12/05 3:15 p.m.14 views

Cross site request forgery (csrf)

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/category/updateStatus...

6.8CVSS7.8AI score0.00391EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/12/05 12:0 a.m.4 views

PT-2023-31203 · Jfinalcms · Jfinalcms

Name of the Vulnerable Software and Affected Versions: JFinalCMS version 5.0.0 Description: A Cross-Site Request Forgery CSRF issue was found in JFinalCMS. The vulnerability can be exploited via the "/admin/category/updateStatus" API endpoint. Recommendations: For JFinalCMS version 5.0.0, as a...

8.8CVSS8.6AI score0.00391EPSS
Exploits1References7
Cvelist
Cvelist
added 2023/12/05 12:0 a.m.18 views

CVE-2023-49397

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/category/updateStatus...

9.1AI score0.00391EPSS
Exploits1References1
CVE
CVE
added 2023/12/05 12:0 a.m.35 views

CVE-2023-49397

JFinalCMS v5.0.0 contains a CSRF vulnerability exploitable via the /admin/category/updateStatus endpoint. Root cause: Cross-Site Request Forgery on a sensitive admin action. Impact is described as high (CVSS v3.1: 8.8; Confidentiality, Integrity, Availability all High). Exploitation details are n...

8.8CVSS8.8AI score0.00391EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2023/12/05 12:0 a.m.5 views

JFinalCMS Security Vulnerability

JFinalCMS is a content management system developed by heyewei. A security vulnerability exists in JFinalCMS v5.0.0, which originates from a cross-site request forgery vulnerability in the /admin/category/updateStatus component...

8.8CVSS8.5AI score0.00391EPSS
Exploits1References1
Rows per page
Query Builder