VYPR

Maven package

com.jfinal/jfinal

pkg:maven/com.jfinal/jfinal

Vulnerabilities (36)

  • CVE-2023-49382 (Dec 5, 2023)
    affected <= 5.0.0

    JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/delete.

  • CVE-2023-49381 (Dec 5, 2023)
    affected <= 5.0.0

    JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/update.

  • CVE-2023-49380 (Dec 5, 2023)
    affected <= 5.0.0

    JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/delete.

  • CVE-2023-49379 (Dec 5, 2023)
    affected <= 5.0.0

    JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /admin/friend_link/save.

  • CVE-2023-49378 (Dec 5, 2023)
    affected <= 5.0.0

    JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/form/save.

  • CVE-2023-49377 (Dec 5, 2023)
    affected <= 5.0.0

    JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/update.

  • CVE-2023-49376 (Dec 5, 2023)
    affected <= 5.0.0

    JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/delete.

  • CVE-2023-49375 (Dec 5, 2023)
    affected <= 5.0.0

    JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/update.

  • CVE-2023-49374 (Dec 5, 2023)
    affected <= 5.0.0

    JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/update.

  • CVE-2023-49373 (Dec 5, 2023)
    affected <= 5.0.0

    JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/slide/delete.

  • CVE-2023-49372 (Dec 5, 2023)
    affected <= 5.0.0

    JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/save.

  • CVE-2021-31635 (Jun 26, 2023)
    affected <= 4.9.08

    Server-Side Template Injection (SSTI) vulnerability in jFinal v.4.9.08 allows a remote attacker to execute arbitrary code via the template function.

  • CVE-2022-33113 (Jun 23, 2022)
    affected <= 5.1.0

    Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module.

  • CVE-2021-31649 (Jun 24, 2021)
    affected <= 4.9.08

    In applications using jfinal 4.9.08 and below, there is a deserialization vulnerability when using redis, which may allow remote code execution.

  • CVE-2021-33348 (Jun 24, 2021)
    affected < 4.9.11, fixed 4.9.11

    An issue was discovered in JFinal framework v4.9.10 and below. The "set" method of the "Controller" class of jfinal framework is not strictly filtered, which will lead to XSS vulnerabilities in some cases.

  • CVE-2019-17352 (Oct 8, 2019)
    affected < 4.5, fixed 4.5

    In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile() function: one can upload any type of file. For example, a .jsp file may be stored and almost immediately deleted, but this deletion step does not occur for certain ex
