Moderate severityNVD Advisory· Published Jun 24, 2021· Updated Aug 3, 2024
CVE-2021-33348
CVE-2021-33348
Description
An issue was discovered in JFinal framework v4.9.10 and below. The "set" method of the "Controller" class of jfinal framework is not strictly filtered, which will lead to XSS vulnerabilities in some cases.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.jfinal:jfinalMaven | < 4.9.11 | 4.9.11 |
Affected products
2- JFinal framework/JFinal frameworkdescription
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-2c25-xfpq-8w9rghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-33348ghsaADVISORY
- github.com/jfinal/jfinal/issues/188ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.