Com.jfinal:jfinal

This hub aggregates every CVE we track for Com.jfinal:jfinal, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Com.jfinal:jfinal.

• CVE-2024-22497Cross Site Scripting (XSS) vulnerability in /admin/login password parameter in JFinalcms 5.0.0 allows attackers to run arbitrary code via crafted URL.6.1Jan 23, 2024
• CVE-2024-22496Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the /admin/login username parameter.6.1Jan 23, 2024
• CVE-2024-22492A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML.5.4Jan 12, 2024
• CVE-2024-22493A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to inject arbitrary web script or HTML.5.4Jan 12, 2024
• CVE-2023-50137JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) in the site management office.5.4Dec 14, 2023
• CVE-2023-50102JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS).5.4Dec 14, 2023
• CVE-2023-50100JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via carousel image editing.5.4Dec 14, 2023
• CVE-2023-50101JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via Label management editing.5.4Dec 14, 2023
• CVE-2023-50449JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter.7.5Dec 10, 2023
• CVE-2023-49486JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the model management department.5.4Dec 8, 2023
• CVE-2023-49485JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department.5.4Dec 8, 2023
• CVE-2023-49487JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the navigation management department.5.4Dec 8, 2023
• CVE-2023-49383JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/save.8.8Dec 5, 2023
• CVE-2023-49447JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/update.8.8Dec 5, 2023
• CVE-2023-49380JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/delete.8.8Dec 5, 2023