CVE Tools

jflyfox

Web & CMS PluginsCNunknown

37

Cumulative CVEs

4

Monthly snapshots

#42

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting jflyfox.

CVE-2026-11473jflyfox jfinal_cms AdvicefeedbackController.java list sql injection6.3Jun 8, 2026
CVE-2025-6105jflyfox jfinal_cms HOME.java cross-site request forgery4.3Jun 16, 2025
CVE-2024-53477JFinal CMS 5.1.0 is vulnerable to Command Execution via unauthorized execution of deserialization in the file ApiForm.java9.8Dec 2, 2024
CVE-2023-47503An issue in jflyfox jfinalCMS v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp component in the template management module.9.8Nov 28, 2023
CVE-2023-34645jfinal CMS 5.1.0 has an arbitrary file read vulnerability.7.5Jun 16, 2023
CVE-2023-30349JFinal CMS v5.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the ActionEnter function.9.8Apr 27, 2023
CVE-2023-24747Jfinal CMS v5.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /system/dict/list.5.4Apr 5, 2023
CVE-2023-22975A cross-site scripting (XSS) vulnerability in JFinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter under /front/person...6.1Feb 3, 2023
CVE-2022-37202JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/advicefeedback/list8.8Oct 26, 2022
CVE-2022-37208JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.8.8Oct 13, 2022
CVE-2022-37209JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.8.8Sep 27, 2022
CVE-2022-37205JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.8.8Sep 20, 2022
CVE-2022-37204Final CMS 5.1.0 is vulnerable to SQL Injection.9.8Sep 20, 2022
CVE-2022-37203JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.9.8Sep 19, 2022
CVE-2022-37201JFinal CMS 5.1.0 is vulnerable to SQL Injection.8.8Sep 15, 2022