Shodan
Vulnerabilities
Vulnerable Software
Jfinaloa Project:  Security Vulnerabilities
CVE-2024-57773
A cross-site scripting (XSS) vulnerability in the openSelectManyUserPage?orgid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-01-16
CVE-2024-57774
A cross-site scripting (XSS) vulnerability in the getBusinessUploadListPage?busid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-01-16
CVE-2024-57775
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component getWorkFlowHis?insid.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-01-16
CVE-2024-57776
A cross-site scripting (XSS) vulnerability in the /apply/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS Score
4.6
EPSS Score
0.0
Published
2025-01-16
CVE-2024-57768
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component validRoleKey?sysRole.key.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-01-16
CVE-2024-57769
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component borrowmoney/listData?applyUser.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-01-16
CVE-2024-57770
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component apply/save#oaContractApply.id.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-01-16
CVE-2024-57771
A cross-site scripting (XSS) vulnerability in the common/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-01-16
CVE-2024-57772
A cross-site scripting (XSS) vulnerability in the /bumph/getDraftListPage?type interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-01-16
CVE-2023-0758
A vulnerability was found in glorylion JFinalOA 1.0.2 and classified as critical. This issue affects some unknown processing of the file src/main/java/com/pointlion/mvc/common/model/SysOrg.java. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220469 was assigned to this vulnerability.
CVSS Score
6.3
EPSS Score
0.001
Published
2023-02-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved