J2eeFAST 2.2.1 allows remote attackers to perform SQL injection via the (1) compId parameter to fast/sys/user/list, (2) deptId parameter to fast/sys/role/list, or (3) roleId parameter to fast/sys/role/authUser/list, related to the use of ${} to join SQL statements.
9.8 CVSS
9.8 AI Score
0.002 EPSS
A vulnerability was found in Dromara J2eeFAST up to 2.6.0 and classified as problematic. This issue affects some unknown processing of the component System Message Handler. The manipulation of the argument 主题 leads to cross site scripting. The attack may be initiated remotely. The exploit has been ...
5.4 CVSS
5.2 AI Score
0.001 EPSS
A vulnerability was found in Dromara J2eeFAST up to 2.6.0. It has been classified as problematic. Affected is an unknown function of the component Announcement Handler. The manipulation of the argument 系统工具/公告管理 leads to cross site scripting. It is possible to launch the attack remotely. The exploi...
5.4 CVSS
5.3 AI Score
0.001 EPSS