Maven package

com.jfinal/jfinal

pkg:maven/com.jfinal/jfinal

Vulnerabilities (36)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2024-22497	—	<= 5.0.0	—	Jan 23, 2024	Cross Site Scripting (XSS) vulnerability in /admin/login password parameter in JFinalcms 5.0.0 allows attackers to run arbitrary code via crafted URL.
CVE-2024-22496	—	<= 5.0.0	—	Jan 23, 2024	Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the /admin/login username parameter.
CVE-2024-22493	—	<= 5.0.0	—	Jan 12, 2024	A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to inject arbitrary web script or HTML.
CVE-2024-22492	—	<= 5.0.0	—	Jan 12, 2024	A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML.
CVE-2023-50137	—	<= 5.0.0	—	Dec 14, 2023	JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) in the site management office.
CVE-2023-50102	—	<= 5.0.0	—	Dec 14, 2023	JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS).
CVE-2023-50101	—	<= 5.0.0	—	Dec 14, 2023	JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via Label management editing.
CVE-2023-50100	—	<= 5.0.0	—	Dec 14, 2023	JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via carousel image editing.
CVE-2023-50449	—	<= 5.0.0	—	Dec 10, 2023	JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter.
CVE-2023-49487	—	<= 5.0.0	—	Dec 8, 2023	JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the navigation management department.
CVE-2023-49486	—	<= 5.0.0	—	Dec 8, 2023	JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the model management department.
CVE-2023-49485	—	<= 5.0.0	—	Dec 8, 2023	JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department.
CVE-2023-49448	—	<= 5.0.0	—	Dec 5, 2023	JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/nav/delete.
CVE-2023-49447	—	<= 5.0.0	—	Dec 5, 2023	JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/update.
CVE-2023-49446	—	<= 5.0.0	—	Dec 5, 2023	JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/save.
CVE-2023-49398	—	<= 5.0.0	—	Dec 5, 2023	JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/delete.
CVE-2023-49397	—	<= 5.0.0	—	Dec 5, 2023	JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/updateStatus.
CVE-2023-49396	—	<= 5.0.0	—	Dec 5, 2023	JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/save.
CVE-2023-49395	—	<= 5.0.0	—	Dec 5, 2023	JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/update.
CVE-2023-49383	—	<= 5.0.0	—	Dec 5, 2023	JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/save.

CVE-2024-22497Jan 23, 2024
affected <= 5.0.0
Cross Site Scripting (XSS) vulnerability in /admin/login password parameter in JFinalcms 5.0.0 allows attackers to run arbitrary code via crafted URL.
CVE-2024-22496Jan 23, 2024
affected <= 5.0.0
Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the /admin/login username parameter.
CVE-2024-22493Jan 12, 2024
affected <= 5.0.0
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to inject arbitrary web script or HTML.
CVE-2024-22492Jan 12, 2024
affected <= 5.0.0
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML.
CVE-2023-50137Dec 14, 2023
affected <= 5.0.0
JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) in the site management office.
CVE-2023-50102Dec 14, 2023
affected <= 5.0.0
JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS).
CVE-2023-50101Dec 14, 2023
affected <= 5.0.0
JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via Label management editing.
CVE-2023-50100Dec 14, 2023
affected <= 5.0.0
JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via carousel image editing.
CVE-2023-50449Dec 10, 2023
affected <= 5.0.0
JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter.
CVE-2023-49487Dec 8, 2023
affected <= 5.0.0
JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the navigation management department.
CVE-2023-49486Dec 8, 2023
affected <= 5.0.0
JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the model management department.
CVE-2023-49485Dec 8, 2023
affected <= 5.0.0
JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department.
CVE-2023-49448Dec 5, 2023
affected <= 5.0.0
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/nav/delete.
CVE-2023-49447Dec 5, 2023
affected <= 5.0.0
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/update.
CVE-2023-49446Dec 5, 2023
affected <= 5.0.0
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/save.
CVE-2023-49398Dec 5, 2023
affected <= 5.0.0
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/delete.
CVE-2023-49397Dec 5, 2023
affected <= 5.0.0
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/updateStatus.
CVE-2023-49396Dec 5, 2023
affected <= 5.0.0
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/save.
CVE-2023-49395Dec 5, 2023
affected <= 5.0.0
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/update.
CVE-2023-49383Dec 5, 2023
affected <= 5.0.0
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/save.

Page 1 of 2