Filtered by vendor Jfinalcms Project Subscriptions
Filtered by product Jfinalcms Subscriptions
Total 40 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-50101 1 Jfinalcms Project 1 Jfinalcms 2024-11-26 5.4 Medium
JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via Label management editing.
CVE-2024-40322 1 Jfinalcms Project 1 Jfinalcms 2024-11-21 6.3 Medium
An issue was discovered in JFinalCMS v.5.0.0. There is a SQL injection vulnerablity via /admin/div_data/data
CVE-2024-24029 1 Jfinalcms Project 1 Jfinalcms 2024-11-21 9.8 Critical
JFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data.
CVE-2024-22497 1 Jfinalcms Project 1 Jfinalcms 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability in /admin/login password parameter in JFinalcms 5.0.0 allows attackers to run arbitrary code via crafted URL.
CVE-2024-22496 1 Jfinalcms Project 1 Jfinalcms 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the /admin/login username parameter.
CVE-2024-22494 1 Jfinalcms Project 1 Jfinalcms 2024-11-21 5.4 Medium
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary web script or HTML.
CVE-2024-22493 1 Jfinalcms Project 1 Jfinalcms 2024-11-21 5.4 Medium
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to inject arbitrary web script or HTML.
CVE-2024-22492 1 Jfinalcms Project 1 Jfinalcms 2024-11-21 5.4 Medium
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML.
CVE-2023-50449 1 Jfinalcms Project 1 Jfinalcms 2024-11-21 7.5 High
JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter.
CVE-2023-50137 1 Jfinalcms Project 1 Jfinalcms 2024-11-21 5.4 Medium
JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) in the site management office.
CVE-2023-50136 1 Jfinalcms Project 1 Jfinalcms 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the name field when creating a new custom table.
CVE-2023-50102 1 Jfinalcms Project 1 Jfinalcms 2024-11-21 5.4 Medium
JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS).
CVE-2023-50100 1 Jfinalcms Project 1 Jfinalcms 2024-11-21 5.4 Medium
JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via carousel image editing.
CVE-2023-49487 1 Jfinalcms Project 1 Jfinalcms 2024-11-21 5.4 Medium
JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the navigation management department.
CVE-2023-49486 1 Jfinalcms Project 1 Jfinalcms 2024-11-21 5.4 Medium
JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the model management department.
CVE-2023-49485 1 Jfinalcms Project 1 Jfinalcms 2024-11-21 5.4 Medium
JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department.
CVE-2023-49448 1 Jfinalcms Project 1 Jfinalcms 2024-11-21 8.8 High
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/nav/delete.
CVE-2023-49447 1 Jfinalcms Project 1 Jfinalcms 2024-11-21 8.8 High
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/update.
CVE-2023-49446 1 Jfinalcms Project 1 Jfinalcms 2024-11-21 8.8 High
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/save.
CVE-2023-49398 1 Jfinalcms Project 1 Jfinalcms 2024-11-21 8.8 High
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/delete.