7 matches found
CVE-2022-33113
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module.
CVE-2022-27111
Jfinal_CMS 5.1.0 allows attackers to use the feedback function to send malicious XSS code to the administrator backend and execute it.
CVE-2022-36527
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module.
CVE-2022-29648
A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request.
CVE-2023-24747
Jfinal CMS v5.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /system/dict/list.
CVE-2021-46087
In jfinal_cms >= 5.1.0, there is a stored XSS vulnerability in the background system of the CMS. Because the developers do not filter the parameters submitted through the user input form, any user with background permission can affect system security by entering malicious code.
CVE-2020-19148
Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code via the 'Nickname' parameter in the component '/jfinal_cms/front/person/profile.html'.