Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Jfinal_cms
(Jflyfox)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 49 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-05-05 | CVE-2021-42242 | A command execution vulnerability exists in jfinal_cms 5.0.1 via com.jflyfox.component.controller.Ueditor. | Jfinal_cms | 9.8 | ||
| 2022-05-26 | CVE-2022-30500 | Jfinal cms 5.1.0 is vulnerable to SQL Injection. | Jfinal_cms | 9.8 | ||
| 2022-06-02 | CVE-2022-29648 | A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request. | Jfinal_cms | 5.4 | ||
| 2022-06-23 | CVE-2022-33113 | Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module. | Jfinal_cms | 5.4 | ||
| 2022-06-23 | CVE-2022-33114 | Jfinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via the attrVal parameter at /jfinal_cms/system/dict/list. | Jfinal_cms | 7.2 | ||
| 2022-08-03 | CVE-2022-34928 | JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via /system/user. | Jfinal_cms | 8.8 | ||
| 2022-08-23 | CVE-2022-37199 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/user/list. | Jfinal_cms | 9.8 | ||
| 2022-08-23 | CVE-2022-37223 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/role/list. | Jfinal_cms | 9.8 | ||
| 2022-08-25 | CVE-2022-36527 | Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module. | Jfinal_cms | 5.4 | ||
| 2022-09-09 | CVE-2022-38272 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list. | Jfinal_cms | 7.2 |