Filtered by vendor Jfinalcms Project
Subscriptions
Total
40 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-49379 | 1 Jfinalcms Project | 1 Jfinalcms | 2024-08-02 | 8.8 High |
| JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /admin/friend_link/save. | ||||
| CVE-2023-49448 | 1 Jfinalcms Project | 1 Jfinalcms | 2024-08-02 | 8.8 High |
| JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/nav/delete. | ||||
| CVE-2023-49377 | 1 Jfinalcms Project | 1 Jfinalcms | 2024-08-02 | 8.8 High |
| JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/update. | ||||
| CVE-2023-49381 | 1 Jfinalcms Project | 1 Jfinalcms | 2024-08-02 | 8.8 High |
| JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/update. | ||||
| CVE-2023-49373 | 1 Jfinalcms Project | 1 Jfinalcms | 2024-08-02 | 8.8 High |
| JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/slide/delete. | ||||
| CVE-2023-49446 | 1 Jfinalcms Project | 1 Jfinalcms | 2024-08-02 | 8.8 High |
| JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/save. | ||||
| CVE-2023-49397 | 1 Jfinalcms Project | 1 Jfinalcms | 2024-08-02 | 8.8 High |
| JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/updateStatus. | ||||
| CVE-2023-49375 | 1 Jfinalcms Project | 1 Jfinalcms | 2024-08-02 | 8.8 High |
| JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/update. | ||||
| CVE-2023-49382 | 1 Jfinalcms Project | 1 Jfinalcms | 2024-08-02 | 8.8 High |
| JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/delete. | ||||
| CVE-2023-49376 | 1 Jfinalcms Project | 1 Jfinalcms | 2024-08-02 | 8.8 High |
| JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/delete. | ||||
| CVE-2023-49447 | 1 Jfinalcms Project | 1 Jfinalcms | 2024-08-02 | 8.8 High |
| JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/update. | ||||
| CVE-2023-49378 | 1 Jfinalcms Project | 1 Jfinalcms | 2024-08-02 | 8.8 High |
| JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/form/save. | ||||
| CVE-2023-49380 | 1 Jfinalcms Project | 1 Jfinalcms | 2024-08-02 | 8.8 High |
| JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/delete. | ||||
| CVE-2023-49383 | 1 Jfinalcms Project | 1 Jfinalcms | 2024-08-02 | 8.8 High |
| JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/save. | ||||
| CVE-2023-41599 | 1 Jfinalcms Project | 1 Jfinalcms | 2024-08-02 | 5.3 Medium |
| An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal. | ||||
| CVE-2024-24029 | 1 Jfinalcms Project | 1 Jfinalcms | 2024-08-01 | 9.8 Critical |
| JFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data. | ||||
| CVE-2024-22494 | 1 Jfinalcms Project | 1 Jfinalcms | 2024-08-01 | 5.4 Medium |
| A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary web script or HTML. | ||||
| CVE-2024-22497 | 1 Jfinalcms Project | 1 Jfinalcms | 2024-08-01 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in /admin/login password parameter in JFinalcms 5.0.0 allows attackers to run arbitrary code via crafted URL. | ||||
| CVE-2024-22496 | 1 Jfinalcms Project | 1 Jfinalcms | 2024-08-01 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the /admin/login username parameter. | ||||
| CVE-2024-22492 | 1 Jfinalcms Project | 1 Jfinalcms | 2024-08-01 | 5.4 Medium |
| A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML. | ||||