Jfinal Cms Security Vulnerabilities and Issues — Jfinal Cms CVE List

Lucene search

JflyfoxJfinal Cms

4 matches found

CVE•added 2023/02/03 5:15 p.m.•108 views

CVE-2023-22975

A cross-site scripting (XSS) vulnerability in JFinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter under /front/person/profile.html.

6.1CVSS5.8AI score0.00084EPSS

CVE•added 2021/09/15 2:15 p.m.•35 views

CVE-2020-19146

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'TemplatePath' parameter in the component 'jfinal_cms/admin/folder/list'.

6.5CVSS6.3AI score0.00189EPSS

CVE•added 2021/09/15 2:15 p.m.•31 views

CVE-2020-19147

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive infromation via the 'getFolder()' function in the component '/modules/filemanager/FileManager.java'.

6.5CVSS6.4AI score0.00289EPSS

CVE•added 2021/09/15 2:15 p.m.•30 views

CVE-2020-19154

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'FileManager.editFile()' function in the component 'modules/filemanager/FileManagerController.java'.

6.5CVSS6.2AI score0.00257EPSS