JFinalCMS is a content management system. JFinalCMS suffers from a cross-site scripting vulnerability that stems from the application’s lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker to embed malicious code on a web page.