Lucene search
JflyfoxJfinal Cms5.1.0
4 matches found
CVE-2023-22975
A cross-site scripting (XSS) vulnerability in JFinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter under /front/person/profile.html.
6.1CVSS5.8AI score0.00084EPSS
CVE-2023-30349
JFinal CMS v5.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the ActionEnter function.
9.8CVSS9.8AI score0.02779EPSS
CVE-2023-34645
jfinal CMS 5.1.0 has an arbitrary file read vulnerability.
7.5CVSS7.5AI score0.00094EPSS
CVE-2023-47503
An issue in jflyfox jfinalCMS v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp component in the template management module.
9.8CVSS9.5AI score0.01289EPSS