JFinalCMS v2.0 was discovered to contain a SQL injection vulnerability via the Article Management function.
9.8CVSS
9.8AI Score
0.002EPSS
An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal.
5.3CVSS
5.4AI Score
0.001EPSS
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/save.
8.8CVSS
8.8AI Score
0.001EPSS
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/slide/delete.
8.8CVSS
8.8AI Score
0.001EPSS
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/update.
8.8CVSS
8.8AI Score
0.001EPSS
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/update.
8.8CVSS
8.8AI Score
0.001EPSS
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/delete.
8.8CVSS
8.8AI Score
0.001EPSS
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/update.
8.8CVSS
8.8AI Score
0.001EPSS
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/form/save.
8.8CVSS
8.8AI Score
0.001EPSS
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /admin/friend_link/save.
8.8CVSS
8.8AI Score
0.001EPSS
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/delete.
8.8CVSS
8.8AI Score
0.001EPSS
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/update.
8.8CVSS
8.8AI Score
0.001EPSS
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/delete.
8.8CVSS
8.8AI Score
0.001EPSS
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/save.
8.8CVSS
8.8AI Score
0.001EPSS
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/update.
8.8CVSS
8.8AI Score
0.001EPSS
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/save.
8.8CVSS
8.8AI Score
0.001EPSS
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/updateStatus.
8.8CVSS
8.8AI Score
0.001EPSS
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/delete.
8.8CVSS
8.8AI Score
0.001EPSS
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/save.
8.8CVSS
8.8AI Score
0.001EPSS
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/update.
8.8CVSS
8.8AI Score
0.001EPSS
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/nav/delete.
8.8CVSS
8.8AI Score
0.001EPSS
JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department.
5.4CVSS
5.2AI Score
0.0004EPSS
JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the model management department.
5.4CVSS
5.2AI Score
0.0004EPSS
JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the navigation management department.
5.4CVSS
5.2AI Score
0.0004EPSS
JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via carousel image editing.
5.4CVSS
5.2AI Score
0.0004EPSS
JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via Label management editing.
5.4CVSS
5.2AI Score
0.0004EPSS
5.4CVSS
5.3AI Score
0.0004EPSS
Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the name field when creating a new custom table.
5.4CVSS
5.3AI Score
0.0004EPSS
JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) in the site management office.
5.4CVSS
5.2AI Score
0.0004EPSS
JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter.
7.5CVSS
7.3AI Score
0.001EPSS
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML.
5.4CVSS
5.2AI Score
0.001EPSS
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to inject arbitrary web script or HTML.
5.4CVSS
5.2AI Score
0.001EPSS
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary web script or HTML.
5.4CVSS
5.2AI Score
0.001EPSS
Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the /admin/login username parameter.
6.1CVSS
6AI Score
0.0005EPSS
Cross Site Scripting (XSS) vulnerability in /admin/login password parameter in JFinalcms 5.0.0 allows attackers to run arbitrary code via crafted URL.
6.1CVSS
6.1AI Score
0.0005EPSS
9.8CVSS
9.8AI Score
0.001EPSS
A vulnerability has been found in heyewei JFinalCMS 5.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/div_data/delete?divId=9 of the component Custom Data Page. The manipulation leads to sql injection. The attack can be launched remotely...
4.7CVSS
7.3AI Score
0.0004EPSS
An issue was discovered in JFinalCMS v.5.0.0. There is a SQL injection vulnerablity via /admin/div_data/data
8.8CVSS
7.6AI Score
0.001EPSS
A vulnerability was found in JFinalCMS up to 20240111. It has been rated as problematic. This issue affects some unknown processing of the file /admin/template. The manipulation of the argument directory leads to cross site scripting. The attack may be initiated remotely. The exploit has been discl...
3.5CVSS
6.2AI Score
0.0004EPSS
A vulnerability, which was classified as problematic, was found in JFinalCMS up to 20240903. This affects the function update of the file /admin/template/update of the component com.cms.controller.admin.TemplateController. The manipulation of the argument fileName leads to path traversal. It is pos...
3.8CVSS
4.4AI Score
0.0004EPSS
A vulnerability was found in JFinalCMS up to 20240903. It has been classified as problematic. This affects the function update of the file /admin/template/update of the component com.cms.util.TemplateUtils. The manipulation of the argument fileName leads to path traversal. It is possible to initiat...
4.3CVSS
4.7AI Score
0.0004EPSS
A vulnerability was found in JFinalCMS up to 1.0. It has been rated as critical. This issue affects the function delete of the file /admin/template/edit. The manipulation of the argument name leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public...
9.8CVSS
6.4AI Score
0.001EPSS