VYPR
Vendor: Jfinal

Products: 1
CVEs: 23
Across products: 23
Status: Private

Recent CVEs

  • CVE-2025-3214 | Med | Apr 4, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    A vulnerability has been found in JFinal CMS up to 5.2.4 and classified as problematic. Affected by this vulnerability is the function engine.getTemplate of the file /readTemplate. The manipulation of the argument template leads to path traversal. The attack can be launched…

  • CVE-2024-57769 | Jan 16, 2025
    risk 0.00 | cvss | epss 0.01

    JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component borrowmoney/listData?applyUser.

  • CVE-2024-57775 | Jan 16, 2025
    risk 0.00 | cvss | epss 0.01

    JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component getWorkFlowHis?insid.

  • CVE-2024-57770 | Jan 16, 2025
    risk 0.00 | cvss | epss 0.01

    JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component apply/save#oaContractApply.id.

  • CVE-2024-57768 | Jan 16, 2025
    risk 0.00 | cvss | epss 0.00

    JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component validRoleKey?sysRole.key.

  • CVE-2024-57776 | Jan 16, 2025
    risk 0.00 | cvss | epss 0.00

    A cross-site scripting (XSS) vulnerability in the /apply/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

  • CVE-2024-57773 | Jan 16, 2025
    risk 0.00 | cvss | epss 0.00

    A cross-site scripting (XSS) vulnerability in the openSelectManyUserPage?orgid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

  • CVE-2024-57771 | Jan 16, 2025
    risk 0.00 | cvss | epss 0.00

    A cross-site scripting (XSS) vulnerability in the common/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

  • CVE-2024-57772 | Jan 16, 2025
    risk 0.00 | cvss | epss 0.00

    A cross-site scripting (XSS) vulnerability in the /bumph/getDraftListPage?type interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

  • CVE-2024-57774 | Jan 16, 2025
    risk 0.00 | cvss | epss 0.00

    A cross-site scripting (XSS) vulnerability in the getBusinessUploadListPage?busid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

  • CVE-2024-53477 | Dec 2, 2024
    risk 0.00 | cvss | epss 0.01

    JFinal CMS 5.1.0 is vulnerable to Command Execution via unauthorized execution of deserialization in the file ApiForm.java.

  • CVE-2021-31635 | Jun 26, 2023
    risk 0.00 | cvss | epss 0.01

    Server-Side Template Injection (SSTI) vulnerability in jFinal v.4.9.08 allows a remote attacker to execute arbitrary code via the template function.

  • CVE-2023-24747 | Apr 5, 2023
    risk 0.00 | cvss | epss 0.00

    Jfinal CMS v5.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /system/dict/list.

  • CVE-2022-37208 | Oct 13, 2022
    risk 0.00 | cvss | epss 0.01

    JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.

  • CVE-2022-37209 | Sep 27, 2022
    risk 0.00 | cvss | epss 0.01

    JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.

  • CVE-2022-37201 | Sep 15, 2022
    risk 0.00 | cvss | epss 0.01

    JFinal CMS 5.1.0 is vulnerable to SQL Injection.

  • CVE-2022-37207 | Sep 15, 2022
    risk 0.00 | cvss | epss 0.01

    JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.

  • CVE-2022-34928 | Aug 3, 2022
    risk 0.00 | cvss | epss 0.01

    JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via /system/user.

  • CVE-2022-30500 | May 26, 2022
    risk 0.00 | cvss | epss 0.01

    Jfinal cms 5.1.0 is vulnerable to SQL Injection.

  • CVE-2021-40639 | Sep 15, 2021
    risk 0.00 | cvss | epss 0.01

    Improper access control in Jfinal CMS 5.1.0 allows attackers to access sensitive information via /classes/conf/db.properties&config=filemanager.config.js.