Jfinalcms Security Vulnerabilities and Issues — Jfinalcms CVE List

Lucene search

Jfinalcms ProjectJfinalcms

15 matches found

CVE•added 2023/09/19 2:15 a.m.•61 views

CVE-2023-41599

An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal.

5.3CVSS5.4AI score0.91444EPSS

CVE•added 2024/09/11 9:15 p.m.•49 views

CVE-2024-8694

A vulnerability, which was classified as problematic, was found in JFinalCMS up to 20240903. This affects the function update of the file /admin/template/update of the component com.cms.controller.admin.TemplateController. The manipulation of the argument fileName leads to path traversal. It is pos...

5.1CVSS4.3AI score0.00539EPSS

CVE•added 2024/05/26 10:15 p.m.•43 views

CVE-2024-5379

A vulnerability was found in JFinalCMS up to 20240111. It has been rated as problematic. This issue affects some unknown processing of the file /admin/template. The manipulation of the argument directory leads to cross site scripting. The attack may be initiated remotely. The exploit has been discl...

5.4CVSS3.7AI score0.00897EPSS

CVE•added 2024/05/24 9:15 a.m.•42 views

CVE-2024-5310

A vulnerability classified as problematic has been found in JFinalCMS up to 20221020. This affects an unknown part of the file /admin/content. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the ...

5.4CVSS3.4AI score0.00547EPSS

CVE•added 2024/01/12 4:15 p.m.•39 views

CVE-2024-22493

A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to inject arbitrary web script or HTML.

5.4CVSS5.2AI score0.0011EPSS

CVE•added 2023/12/08 3:15 p.m.•34 views

CVE-2023-49485

JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department.

5.4CVSS5.2AI score0.00098EPSS

CVE•added 2023/12/14 4:15 p.m.•33 views

CVE-2023-50101

JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via Label management editing.

5.4CVSS5.2AI score0.00193EPSS

CVE•added 2024/01/09 10:15 p.m.•31 views

CVE-2023-50136

Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the name field when creating a new custom table.

5.4CVSS5.3AI score0.0011EPSS

CVE•added 2023/12/14 4:15 p.m.•30 views

CVE-2023-50137

JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) in the site management office.

5.4CVSS5.2AI score0.00086EPSS

CVE•added 2024/01/12 4:15 p.m.•29 views

CVE-2024-22494

A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary web script or HTML.

5.4CVSS5.2AI score0.00054EPSS

CVE•added 2023/12/14 4:15 p.m.•26 views

CVE-2023-50100

JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via carousel image editing.

5.4CVSS5.2AI score0.00119EPSS

CVE•added 2023/12/14 4:15 p.m.•25 views

CVE-2023-50102

JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS).

5.4CVSS5.3AI score0.00193EPSS

CVE•added 2023/12/08 3:15 p.m.•24 views

CVE-2023-49486

JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the model management department.

5.4CVSS5.2AI score0.00109EPSS

CVE•added 2023/12/08 3:15 p.m.•24 views

CVE-2023-49487

JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the navigation management department.

5.4CVSS5.2AI score0.00098EPSS

CVE•added 2024/01/12 4:15 p.m.•24 views

CVE-2024-22492

A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML.

5.4CVSS5.2AI score0.00109EPSS