Product:

Jfinalcms

(Jfinalcms_project)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 38
Date Id Summary Products Score Patch Annotated
2024-02-02 CVE-2024-24029 JFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data. Jfinalcms 9.8
2024-01-23 CVE-2024-22496 Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the /admin/login username parameter. Jfinalcms 6.1
2024-01-09 CVE-2023-50136 Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the name field when creating a new custom table. Jfinalcms 5.4
2024-01-12 CVE-2024-22492 A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML. Jfinalcms 5.4
2024-01-12 CVE-2024-22494 A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary web script or HTML. Jfinalcms 5.4
2024-01-23 CVE-2024-22497 Cross Site Scripting (XSS) vulnerability in /admin/login password parameter in JFinalcms 5.0.0 allows attackers to run arbitrary code via crafted URL. Jfinalcms 6.1
2023-12-08 CVE-2023-49485 JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department. Jfinalcms 5.4
2024-03-07 CVE-2024-24375 SQL injection vulnerability in Jfinalcms v.5.0.0 allows a remote attacker to obtain sensitive information via /admin/admin name parameter. Jfinalcms N/A
2022-04-22 CVE-2022-27341 JFinalCMS v2.0 was discovered to contain a SQL injection vulnerability via the Article Management function. Jfinalcms 9.8
2023-09-19 CVE-2023-41599 An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal. Jfinalcms 5.3