Jfinaloa - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Jfinaloa
(Jfinaloa_project)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	11

Date	Id	Summary	Products	Score	Patch	Annotated
2025-01-16	CVE-2024-57768	JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component validRoleKey?sysRole.key.	Jfinaloa	N/A
2025-01-16	CVE-2024-57771	A cross-site scripting (XSS) vulnerability in the common/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.	Jfinaloa	N/A
2025-01-16	CVE-2024-57772	A cross-site scripting (XSS) vulnerability in the /bumph/getDraftListPage?type interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.	Jfinaloa	N/A
2025-01-16	CVE-2024-57773	A cross-site scripting (XSS) vulnerability in the openSelectManyUserPage?orgid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.	Jfinaloa	N/A
2025-01-16	CVE-2024-57774	A cross-site scripting (XSS) vulnerability in the getBusinessUploadListPage?busid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.	Jfinaloa	N/A
2025-01-16	CVE-2024-57776	A cross-site scripting (XSS) vulnerability in the /apply/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.	Jfinaloa	N/A
2025-01-16	CVE-2024-57775	JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component getWorkFlowHis?insid.	Jfinaloa	8.8
2025-01-16	CVE-2024-57769	JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component borrowmoney/listData?applyUser.	Jfinaloa	8.8
2025-01-16	CVE-2024-57770	JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component apply/save#oaContractApply.id.	Jfinaloa	8.8
2022-03-30	CVE-2021-40645	An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter getHaveDoneTaskDataList method of the FlowTaskController.	Jfinaloa	6.5