Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Jfinalcms Security Vulnerabilities

cve
cve

CVE-2022-27341

JFinalCMS v2.0 was discovered to contain a SQL injection vulnerability via the Article Management function.

9.8CVSS

9.8AI Score

0.002EPSS

2022-04-22 08:15 PM
60
cve
cve

CVE-2023-41599

An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal.

5.3CVSS

5.4AI Score

0.001EPSS

2023-09-19 02:15 AM
34
cve
cve

CVE-2023-49372

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/save.

8.8CVSS

8.8AI Score

0.001EPSS

2023-12-05 03:15 PM
18
cve
cve

CVE-2023-49373

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/slide/delete.

8.8CVSS

8.8AI Score

0.001EPSS

2023-12-05 03:15 PM
13
cve
cve

CVE-2023-49374

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/update.

8.8CVSS

8.8AI Score

0.001EPSS

2023-12-05 03:15 PM
17
cve
cve

CVE-2023-49375

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/update.

8.8CVSS

8.8AI Score

0.001EPSS

2023-12-05 03:15 PM
10
cve
cve

CVE-2023-49376

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/delete.

8.8CVSS

8.8AI Score

0.001EPSS

2023-12-05 03:15 PM
15
cve
cve

CVE-2023-49377

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/update.

8.8CVSS

8.8AI Score

0.001EPSS

2023-12-05 03:15 PM
12
cve
cve

CVE-2023-49378

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/form/save.

8.8CVSS

8.8AI Score

0.001EPSS

2023-12-05 03:15 PM
14
cve
cve

CVE-2023-49379

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /admin/friend_link/save.

8.8CVSS

8.8AI Score

0.001EPSS

2023-12-05 03:15 PM
15
cve
cve

CVE-2023-49380

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/delete.

8.8CVSS

8.8AI Score

0.001EPSS

2023-12-05 03:15 PM
20
cve
cve

CVE-2023-49381

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/update.

8.8CVSS

8.8AI Score

0.001EPSS

2023-12-05 03:15 PM
14
cve
cve

CVE-2023-49382

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/delete.

8.8CVSS

8.8AI Score

0.001EPSS

2023-12-05 03:15 PM
12
cve
cve

CVE-2023-49383

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/save.

8.8CVSS

8.8AI Score

0.001EPSS

2023-12-05 03:15 PM
17
cve
cve

CVE-2023-49395

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/update.

8.8CVSS

8.8AI Score

0.001EPSS

2023-12-05 03:15 PM
16
cve
cve

CVE-2023-49396

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/save.

8.8CVSS

8.8AI Score

0.001EPSS

2023-12-05 03:15 PM
15
cve
cve

CVE-2023-49397

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/updateStatus.

8.8CVSS

8.8AI Score

0.001EPSS

2023-12-05 03:15 PM
15
cve
cve

CVE-2023-49398

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/delete.

8.8CVSS

8.8AI Score

0.001EPSS

2023-12-05 03:15 PM
14
cve
cve

CVE-2023-49446

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/save.

8.8CVSS

8.8AI Score

0.001EPSS

2023-12-05 03:15 PM
12
cve
cve

CVE-2023-49447

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/update.

8.8CVSS

8.8AI Score

0.001EPSS

2023-12-05 03:15 PM
14
cve
cve

CVE-2023-49448

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/nav/delete.

8.8CVSS

8.8AI Score

0.001EPSS

2023-12-05 03:15 PM
14
cve
cve

CVE-2023-49485

JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department.

5.4CVSS

5.2AI Score

0.0004EPSS

2023-12-08 03:15 PM
16
cve
cve

CVE-2023-49486

JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the model management department.

5.4CVSS

5.2AI Score

0.0004EPSS

2023-12-08 03:15 PM
12
cve
cve

CVE-2023-49487

JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the navigation management department.

5.4CVSS

5.2AI Score

0.0004EPSS

2023-12-08 03:15 PM
9
cve
cve

CVE-2023-50100

JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via carousel image editing.

5.4CVSS

5.2AI Score

0.0004EPSS

2023-12-14 04:15 PM
10
cve
cve

CVE-2023-50101

JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via Label management editing.

5.4CVSS

5.2AI Score

0.0004EPSS

2023-12-14 04:15 PM
18
cve
cve

CVE-2023-50102

JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS).

5.4CVSS

5.3AI Score

0.0004EPSS

2023-12-14 04:15 PM
12
cve
cve

CVE-2023-50136

Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the name field when creating a new custom table.

5.4CVSS

5.3AI Score

0.0004EPSS

2024-01-09 10:15 PM
16
cve
cve

CVE-2023-50137

JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) in the site management office.

5.4CVSS

5.2AI Score

0.0004EPSS

2023-12-14 04:15 PM
12
cve
cve

CVE-2023-50449

JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter.

7.5CVSS

7.3AI Score

0.001EPSS

2023-12-10 06:15 PM
16
cve
cve

CVE-2024-22492

A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML.

5.4CVSS

5.2AI Score

0.001EPSS

2024-01-12 04:15 PM
11
cve
cve

CVE-2024-22493

A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to inject arbitrary web script or HTML.

5.4CVSS

5.2AI Score

0.001EPSS

2024-01-12 04:15 PM
16
cve
cve

CVE-2024-22494

A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary web script or HTML.

5.4CVSS

5.2AI Score

0.001EPSS

2024-01-12 04:15 PM
15
cve
cve

CVE-2024-22496

Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the /admin/login username parameter.

6.1CVSS

6AI Score

0.0005EPSS

2024-01-23 05:15 PM
140
cve
cve

CVE-2024-22497

Cross Site Scripting (XSS) vulnerability in /admin/login password parameter in JFinalcms 5.0.0 allows attackers to run arbitrary code via crafted URL.

6.1CVSS

6.1AI Score

0.0005EPSS

2024-01-23 07:15 PM
144
cve
cve

CVE-2024-24029

JFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data.

9.8CVSS

9.8AI Score

0.001EPSS

2024-02-02 04:15 PM
21
cve
cve

CVE-2024-2568

A vulnerability has been found in heyewei JFinalCMS 5.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/div_data/delete?divId=9 of the component Custom Data Page. The manipulation leads to sql injection. The attack can be launched remotely...

4.7CVSS

7.3AI Score

0.0004EPSS

2024-03-17 11:15 PM
37
cve
cve

CVE-2024-40322

An issue was discovered in JFinalCMS v.5.0.0. There is a SQL injection vulnerablity via /admin/div_data/data

8.8CVSS

7.6AI Score

0.001EPSS

2024-07-16 04:15 PM
29
cve
cve

CVE-2024-5379

A vulnerability was found in JFinalCMS up to 20240111. It has been rated as problematic. This issue affects some unknown processing of the file /admin/template. The manipulation of the argument directory leads to cross site scripting. The attack may be initiated remotely. The exploit has been discl...

3.5CVSS

6.2AI Score

0.0004EPSS

2024-05-26 10:15 PM
29
cve
cve

CVE-2024-8694

A vulnerability, which was classified as problematic, was found in JFinalCMS up to 20240903. This affects the function update of the file /admin/template/update of the component com.cms.controller.admin.TemplateController. The manipulation of the argument fileName leads to path traversal. It is pos...

3.8CVSS

4.4AI Score

0.0004EPSS

2024-09-11 09:15 PM
27
cve
cve

CVE-2024-8706

A vulnerability was found in JFinalCMS up to 20240903. It has been classified as problematic. This affects the function update of the file /admin/template/update of the component com.cms.util.TemplateUtils. The manipulation of the argument fileName leads to path traversal. It is possible to initiat...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-09-12 12:15 AM
26
cve
cve

CVE-2024-8782

A vulnerability was found in JFinalCMS up to 1.0. It has been rated as critical. This issue affects the function delete of the file /admin/template/edit. The manipulation of the argument name leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public...

9.8CVSS

6.4AI Score

0.001EPSS

2024-09-13 06:15 PM
29