0.001 Low
EPSS
Percentile
25.0%
com.jfinal:jfinal is vulnerable to cross-site scripting(XSS) attacks. A remote attacker is able to inject and execute arbitrary javascript via a crafted payload injected into the keyword text field under the publish blog module.
publish blog
github.com/advisories/GHSA-9pvq-4cc7-24jg
github.com/jflyfox/jfinal_cms/issues/39