Jflyfox: >> Jfinal Cms Security Vulnerabilities
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-08-25
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/role/list.
CVSS Score
9.8
EPSS Score
0.002
Published
2022-08-23
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/user/list.
CVSS Score
9.8
EPSS Score
0.002
Published
2022-08-23
JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via /system/user.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-08-03
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-06-23
Jfinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via the attrVal parameter at /jfinal_cms/system/dict/list.
CVSS Score
7.2
EPSS Score
0.002
Published
2022-06-23
A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-06-02
Jfinal cms 5.1.0 is vulnerable to SQL Injection.
CVSS Score
9.8
EPSS Score
0.002
Published
2022-05-26
A command execution vulnerability exists in jfinal_cms 5.0.1 via com.jflyfox.component.controller.Ueditor.
CVSS Score
9.8
EPSS Score
0.011
Published
2022-05-05
Jfinal_cms 5.1.0 is vulnerable to SQL Injection via com.jflyfox.system.log.LogController.java.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-05-03