Cross Site Scripting (XSS)

2024-05-0307:06:47

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

jfinalcms

xss

vulnerability

input validation

friendship link

remote attacker

arbitrary code

crafted script

security

7.9 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON

Jfinalcms is vulnerable to Cross Site Scripting( XSS). The vulnerability is due to improper input validation in the friendship link component, allowing a remote attacker to execute arbitrary code through a crafted script.

CPENameOperatorVersion
jfinalle5.1.7
jfinalle5.1.7

CPE	Name	Operator	Version
	jfinal	le	5.1.7
	jfinal	le	5.1.7

References

github.com/yukino-hiki/CVE/blob/main/4/There%20is%20a%20stored%20xss%20at%20the%20friendship%20link.md