Jfinaloa Security Vulnerabilities and Issues — Jfinaloa CVE List

Lucene search

Jfinaloa ProjectJfinaloa

11 matches found

CVE•added 2025/01/16 6:15 p.m.•61 views

CVE-2024-57768

JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component validRoleKey?sysRole.key.

9.8CVSS8.3AI score0.00093EPSS

CVE•added 2022/03/30 9:15 p.m.•54 views

CVE-2021-40645

An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter getHaveDoneTaskDataList method of the FlowTaskController.

6.5CVSS7AI score0.00228EPSS

CVE•added 2023/02/09 11:15 a.m.•41 views

CVE-2023-0758

A vulnerability was found in glorylion JFinalOA 1.0.2 and classified as critical. This issue affects some unknown processing of the file src/main/java/com/pointlion/mvc/common/model/SysOrg.java. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The ex...

9.8CVSS8.3AI score0.00052EPSS

CVE•added 2025/01/16 6:15 p.m.•39 views

CVE-2024-57771

A cross-site scripting (XSS) vulnerability in the common/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

4.8CVSS5.9AI score0.00037EPSS

CVE•added 2025/01/16 6:15 p.m.•38 views

CVE-2024-57772

A cross-site scripting (XSS) vulnerability in the /bumph/getDraftListPage?type interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

4.8CVSS5.6AI score0.00037EPSS

CVE•added 2025/01/16 6:15 p.m.•38 views

CVE-2024-57774

A cross-site scripting (XSS) vulnerability in the getBusinessUploadListPage?busid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

4.8CVSS5.9AI score0.00037EPSS

CVE•added 2025/01/16 6:15 p.m.•36 views

CVE-2024-57775

JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component getWorkFlowHis?insid.

8.8CVSS8.3AI score0.00077EPSS

CVE•added 2025/01/16 6:15 p.m.•36 views

CVE-2024-57776

A cross-site scripting (XSS) vulnerability in the /apply/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

4.6CVSS5.8AI score0.00036EPSS

CVE•added 2025/01/16 6:15 p.m.•35 views

CVE-2024-57773

A cross-site scripting (XSS) vulnerability in the openSelectManyUserPage?orgid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

4.8CVSS5.9AI score0.00037EPSS

CVE•added 2025/01/16 6:15 p.m.•33 views

CVE-2024-57769

JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component borrowmoney/listData?applyUser.

8.8CVSS8.5AI score0.00077EPSS

CVE•added 2025/01/16 6:15 p.m.•31 views

CVE-2024-57770

JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component apply/save#oaContractApply.id.

8.8CVSS8.5AI score0.00077EPSS