JFinalCMS is a content management system. JFinalCMS suffers from a cross-site scripting vulnerability that stems from a lack of effective filtering and escaping of user-supplied data in the model management department, which can be exploited by an attacker to execute arbitrary Web script or HTML by injecting a carefully crafted payload.