Lucene search
K
Jfinaloa ProjectJfinaloa

11 matches found

CVE
CVE
added 2025/01/16 12:0 a.m.74 views

CVE-2024-57768

CVE-2024-57768 affects JFinalOA prior to 2025.01.01 and is due to a SQL injection in the component validRoleKey?sysRole.key. Reported CVSSv3.1 base score 9.8 (CRITICAL) with network attack vector, no privileges, no user interaction required, and high impact on confidentiality, integrity, and avai...

9.8CVSS8.3AI score0.00477EPSS
CVE
CVE
added 2022/03/30 8:56 p.m.71 views

CVE-2021-40645

glorylion JFinalOA contains an SQL injection in the defkey parameter of FlowTaskController.getHaveDoneTaskDataList. The root cause is improper handling of the defkey input, enabling arbitrary SQL execution with potential HIGH confidentiality impact. Affected versions/details are not provided in t...

6.5CVSS7AI score0.0108EPSS
CVE
CVE
added 2025/01/16 12:0 a.m.56 views

CVE-2024-57774

CVE-2024-57774 describes a cross-site scripting (XSS) vulnerability in the getBusinessUploadListPage?busid interface of JFinalOA prior to v2025.01.01. The underlying issue is input handling in that interface allowing crafted payloads to execute arbitrary script/HTML in a victim’s browser. Affecte...

4.8CVSS5.9AI score0.00279EPSS
CVE
CVE
added 2023/02/09 10:59 a.m.55 views

CVE-2023-0758

CVE-2023-0758 affects glorylion JFinalOA 1.0.2. A SQL injection flaw arises from the id parameter in SysOrg.java (src/main/java/com/pointlion/mvc/common/model/SysOrg.java). The issue can be exploited remotely and leads to high impact on confidentiality, integrity, and availability. Multiple conne...

9.8CVSS8.3AI score0.00608EPSS
CVE
CVE
added 2025/01/16 12:0 a.m.54 views

CVE-2024-57771

Summary of CVE-2024-57771 (JFinalOA): A cross-site scripting (XSS) vulnerability exists in thecommon/getEditPage?view interface of JFinalOA, affecting versions prior to 2025.01.01. The issue arises from how input to that interface is handled, allowing attackers to inject arbitrary web scripts or ...

4.8CVSS5.9AI score0.00307EPSS
Web
CVE
CVE
added 2025/01/16 12:0 a.m.52 views

CVE-2024-57772

CVE-2024-57772 describes an XSS vulnerability in JFinalOA affecting the web path "/bumph/getDraftListPage?type". Affected versions are those prior to 2025.01.01. Exploitation could allow an attacker to execute arbitrary web scripts or HTML via a crafted payload, with impact described as partial c...

4.8CVSS5.6AI score0.00279EPSS
Web
CVE
CVE
added 2025/01/16 12:0 a.m.51 views

CVE-2024-57776

The CVE-2024-57776 affects JFinalOA: an XSS in the /apply/getEditPage?view interface on versions prior to 2025.01.01. Root cause is improper handling of crafted payloads leading to execution of arbitrary web scripts/HTML. Impact is cross-site script execution in the victim’s browser. remediation:...

4.6CVSS5.8AI score0.00273EPSS
Web
CVE
CVE
added 2025/01/16 12:0 a.m.47 views

CVE-2024-57769

CVE-2024-57769 affects JFinalOA prior to 2025.01.01, where a SQL injection flaw exists in the component borrowmoney/listData?applyUser . The issue is caused by improper handling of user input in this endpoint, enabling high-severity (C/H, I/H, A/H) impact per CVSS 3.1 with NETWORK attack vector, ...

8.8CVSS8.5AI score0.00568EPSS
Web
CVE
CVE
added 2025/01/16 12:0 a.m.47 views

CVE-2024-57775

CVE-2024-57775 affects JFinalOA prior to v2025.01.01, with a SQL injection in the getWorkFlowHis?insid component. The vulnerability is documented across multiple feeds; impact is high (CVE CVSS 3.1: HIGH, network attack, no user interaction). A fix is indicated by the stated version boundary, sug...

8.8CVSS8.3AI score0.00568EPSS
CVE
CVE
added 2025/01/16 12:0 a.m.46 views

CVE-2024-57773

CVE-2024-57773 affects JFinalOA prior to 2025-01-01, with an XSS vulnerability in the openSelectManyUserPage?orgid interface. The underlying issue is a cross-site scripting flaw that could allow arbitrary web scripts/HTML via crafted payloads. The CVSSv3.1 base score is 4.8 (Medium) with Network ...

4.8CVSS5.9AI score0.00279EPSS
CVE
CVE
added 2025/01/16 12:0 a.m.42 views

CVE-2024-57770

CVE-2024-57770 affects JFinalOA prior to v2025.01.01, with a SQL injection vulnerability in the component apply/save#oaContractApply.id. The issue’s root cause is an input handling flaw that enables injectable SQL strings via that parameter, leading to potential confidentiality, integrity, and av...

8.8CVSS8.5AI score0.00568EPSS