Filtered by vendor Jfinalcms Project Subscriptions
Filtered by product Jfinalcms Subscriptions
Total 40 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-49396 1 Jfinalcms Project 1 Jfinalcms 2024-08-02 8.8 High
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/save.
CVE-2023-49485 1 Jfinalcms Project 1 Jfinalcms 2024-08-02 5.4 Medium
JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department.
CVE-2023-49395 1 Jfinalcms Project 1 Jfinalcms 2024-08-02 8.8 High
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/update.
CVE-2023-49379 1 Jfinalcms Project 1 Jfinalcms 2024-08-02 8.8 High
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /admin/friend_link/save.
CVE-2023-49448 1 Jfinalcms Project 1 Jfinalcms 2024-08-02 8.8 High
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/nav/delete.
CVE-2023-49377 1 Jfinalcms Project 1 Jfinalcms 2024-08-02 8.8 High
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/update.
CVE-2023-49381 1 Jfinalcms Project 1 Jfinalcms 2024-08-02 8.8 High
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/update.
CVE-2023-49373 1 Jfinalcms Project 1 Jfinalcms 2024-08-02 8.8 High
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/slide/delete.
CVE-2023-49446 1 Jfinalcms Project 1 Jfinalcms 2024-08-02 8.8 High
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/save.
CVE-2023-49397 1 Jfinalcms Project 1 Jfinalcms 2024-08-02 8.8 High
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/updateStatus.
CVE-2023-49375 1 Jfinalcms Project 1 Jfinalcms 2024-08-02 8.8 High
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/update.
CVE-2023-49382 1 Jfinalcms Project 1 Jfinalcms 2024-08-02 8.8 High
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/delete.
CVE-2023-49376 1 Jfinalcms Project 1 Jfinalcms 2024-08-02 8.8 High
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/delete.
CVE-2023-49447 1 Jfinalcms Project 1 Jfinalcms 2024-08-02 8.8 High
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/update.
CVE-2023-49378 1 Jfinalcms Project 1 Jfinalcms 2024-08-02 8.8 High
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/form/save.
CVE-2023-49380 1 Jfinalcms Project 1 Jfinalcms 2024-08-02 8.8 High
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/delete.
CVE-2023-49383 1 Jfinalcms Project 1 Jfinalcms 2024-08-02 8.8 High
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/save.
CVE-2024-22494 1 Jfinalcms Project 1 Jfinalcms 2024-08-01 5.4 Medium
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary web script or HTML.
CVE-2024-22497 1 Jfinalcms Project 1 Jfinalcms 2024-08-01 6.1 Medium
Cross Site Scripting (XSS) vulnerability in /admin/login password parameter in JFinalcms 5.0.0 allows attackers to run arbitrary code via crafted URL.
CVE-2024-22492 1 Jfinalcms Project 1 Jfinalcms 2024-08-01 5.4 Medium
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML.