Shodan
Vulnerabilities
Vulnerable Software
Jfinaloa Project:  >> Jfinaloa  >> 2021-09-07  Security Vulnerabilities
CVE-2024-57773
A cross-site scripting (XSS) vulnerability in the openSelectManyUserPage?orgid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-01-16
CVE-2024-57774
A cross-site scripting (XSS) vulnerability in the getBusinessUploadListPage?busid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-01-16
CVE-2024-57775
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component getWorkFlowHis?insid.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-01-16
CVE-2024-57776
A cross-site scripting (XSS) vulnerability in the /apply/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS Score
4.6
EPSS Score
0.0
Published
2025-01-16
CVE-2024-57768
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component validRoleKey?sysRole.key.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-01-16
CVE-2024-57769
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component borrowmoney/listData?applyUser.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-01-16
CVE-2024-57770
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component apply/save#oaContractApply.id.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-01-16
CVE-2024-57771
A cross-site scripting (XSS) vulnerability in the common/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-01-16
CVE-2024-57772
A cross-site scripting (XSS) vulnerability in the /bumph/getDraftListPage?type interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-01-16
CVE-2021-40645
An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter getHaveDoneTaskDataList method of the FlowTaskController.
CVSS Score
6.5
EPSS Score
0.002
Published
2022-03-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved