Maven package
com.jflyfox/jflyfox_jfinal
pkg:maven/com.jflyfox/jflyfox_jfinal
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-30349 | — |  |  | <= 5.1.0 | — | Apr 27, 2023 | JFinal CMS v5.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the ActionEnter function. |
| CVE-2022-36527 | — |  |  | <= 5.1.0 | — | Aug 25, 2022 | Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module. |
| CVE-2022-37223 | — |  |  | <= 5.1.0 | — | Aug 23, 2022 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/role/list. |
| CVE-2022-37199 | — |  |  | <= 5.1.0 | — | Aug 23, 2022 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/user/list. |
| CVE-2022-29648 | — |  |  | <= 5.1.0 | — | May 31, 2022 | A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request. |
| CVE-2022-30500 | — |  |  | <= 5.1.0 | — | May 26, 2022 | Jfinal cms 5.1.0 is vulnerable to SQL Injection. |