4 matches found
CVE-2024-8694
CVE-2024-8694 concerns JFinalCMS where the update function at /admin/template/update in com.cms.controller.admin.TemplateController is vulnerable to path traversal via the fileName parameter. The issue can be triggered remotely, and the exploit has been disclosed publicly. Affected versions are u...
CVE-2024-8706
CVE-2024-8706 affects JFinalCMS up to 20240903, where the function update in com.cms.util.TemplateUtils exposes a path traversal in the fileName argument of /admin/template/update. This allows a remote attacker to exploit the vulnerability, with public exploits reported. The CVSS details indicate...
CVE-2024-5310
CVE-2024-5310 affects JFinalCMS up to version 20221020, with the vulnerability located in the unknown portion of the file /admin/content . The issue arises from manipulation of the Title argument, leading to Cross-Site Scripting (XSS) . Exploitation is possible remotely, and the exploit has been ...
CVE-2024-5379
CVE-2024-5379 is a cross-site scripting (XSS) vulnerability affecting JFinalCMS up to 20240111. The issue arises from manipulating the directory argument of the file under /admin/template , leading to XSS. The vulnerability can be exploited remotely and the exploit has been publicly disclosed. Mu...