Lucene search
K

4 matches found

CVE
CVE
added 2024/09/11 9:0 p.m.68 views

CVE-2024-8694

CVE-2024-8694 concerns JFinalCMS where the update function at /admin/template/update in com.cms.controller.admin.TemplateController is vulnerable to path traversal via the fileName parameter. The issue can be triggered remotely, and the exploit has been disclosed publicly. Affected versions are u...

5.1CVSS4.3AI score0.00792EPSS
Web
CVE
CVE
added 2024/09/11 11:31 p.m.65 views

CVE-2024-8706

CVE-2024-8706 affects JFinalCMS up to 20240903, where the function update in com.cms.util.TemplateUtils exposes a path traversal in the fileName argument of /admin/template/update. This allows a remote attacker to exploit the vulnerability, with public exploits reported. The CVSS details indicate...

6.5CVSS4.7AI score0.00749EPSS
Web
CVE
CVE
added 2024/05/24 9:0 a.m.63 views

CVE-2024-5310

CVE-2024-5310 affects JFinalCMS up to version 20221020, with the vulnerability located in the unknown portion of the file /admin/content . The issue arises from manipulation of the Title argument, leading to Cross-Site Scripting (XSS) . Exploitation is possible remotely, and the exploit has been ...

5.4CVSS3.4AI score0.00364EPSS
Web
CVE
CVE
added 2024/05/26 10:0 p.m.57 views

CVE-2024-5379

CVE-2024-5379 is a cross-site scripting (XSS) vulnerability affecting JFinalCMS up to 20240111. The issue arises from manipulating the directory argument of the file under /admin/template , leading to XSS. The vulnerability can be exploited remotely and the exploit has been publicly disclosed. Mu...

5.4CVSS3.7AI score0.00368EPSS
Web