A cross-site scripting (XSS) vulnerability in JFinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter under...
6.1CVSS
5.8AI Score
0.001EPSS
An issue in jflyfox jfinalCMS v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp component in the template management...
9.8CVSS
9.5AI Score
0.003EPSS
7.5CVSS
7.5AI Score
0.001EPSS
JFinal CMS v5.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the ActionEnter...
9.8CVSS
9.8AI Score
0.005EPSS
Jfinal CMS v5.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the component...
5.4CVSS
5.3AI Score
0.001EPSS
8.8CVSS
9.1AI Score
0.001EPSS
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute arbitrary code via the 'FileManager.rename()' function in the component...
8.8CVSS
8.8AI Score
0.002EPSS
JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL...
8.8CVSS
9AI Score
0.001EPSS
JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL...
8.8CVSS
9.1AI Score
0.001EPSS
JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL...
8.8CVSS
9.1AI Score
0.001EPSS
9.8CVSS
9.6AI Score
0.002EPSS
JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL...
9.8CVSS
9.8AI Score
0.002EPSS
8.8CVSS
8.8AI Score
0.001EPSS
JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL...
8.8CVSS
9.1AI Score
0.001EPSS
7.2CVSS
7.3AI Score
0.001EPSS
7.2CVSS
7.3AI Score
0.001EPSS
7.2CVSS
7.3AI Score
0.001EPSS
7.2CVSS
7.3AI Score
0.001EPSS
7.2CVSS
7.3AI Score
0.001EPSS
7.2CVSS
7.3AI Score
0.001EPSS
7.2CVSS
7.3AI Score
0.001EPSS
7.2CVSS
7.3AI Score
0.001EPSS
7.2CVSS
7.3AI Score
0.001EPSS
7.2CVSS
7.3AI Score
0.001EPSS
7.2CVSS
7.3AI Score
0.001EPSS
7.2CVSS
7.3AI Score
0.001EPSS
7.2CVSS
7.3AI Score
0.001EPSS
7.2CVSS
7.3AI Score
0.001EPSS
7.2CVSS
7.3AI Score
0.001EPSS
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog...
5.4CVSS
5.7AI Score
0.001EPSS
9.8CVSS
9.8AI Score
0.002EPSS
9.8CVSS
9.8AI Score
0.002EPSS
8.8CVSS
8.9AI Score
0.001EPSS
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog...
5.4CVSS
5.7AI Score
0.001EPSS
Jfinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via the attrVal parameter at...
7.2CVSS
7.2AI Score
0.001EPSS
A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For...
5.4CVSS
5.2AI Score
0.001EPSS
9.8CVSS
9.6AI Score
0.002EPSS
9.8CVSS
9.5AI Score
0.003EPSS
7.2CVSS
7.3AI Score
0.001EPSS
Jfinal_CMS 5.1.0 allows attackers to use the feedback function to send malicious XSS code to the administrator backend and execute...
5.4CVSS
5.4AI Score
0.001EPSS
In jfinal_cms >= 5.1 0, there is a storage XSS vulnerability in the background system of CMS. Because developers do not filter the parameters submitted by the user input form, any user with background permission can affect the system security by entering malicious...
5.4CVSS
5.3AI Score
0.001EPSS
7.5CVSS
7.6AI Score
0.001EPSS
Improper access control in Jfinal CMS 5.1.0 allows attackers to access sensitive information via...
7.5CVSS
7.3AI Score
0.002EPSS
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information or cause a denial of service via the 'FileManager.delete()' function in the component...
8.1CVSS
7.9AI Score
0.003EPSS
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'FileManager.editFile()' function in the component...
6.5CVSS
6.2AI Score
0.003EPSS
Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code via the 'Nickname' parameter in the component...
5.4CVSS
5.7AI Score
0.001EPSS
Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component...
8.8CVSS
9.1AI Score
0.002EPSS
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'TemplatePath' parameter in the component...
6.5CVSS
6.3AI Score
0.003EPSS
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive infromation via the 'getFolder()' function in the component...
6.5CVSS
6.4AI Score
0.006EPSS