Jfinalcms Project Jfinalcms vulnerabilities
39 known vulnerabilities affecting jfinalcms_project/jfinalcms.
Total CVEs: 39
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 2, HIGH 22, MEDIUM 15
Vulnerabilities
Page 2 of 2
CVE-2023-49374 [HIGH] CWE-352 | P4 | CVSS 8.8 | v5.0.0 | 2023-12-05
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/update.
nvd
CVE-2023-49396 [HIGH] CWE-352 | P4 | CVSS 8.8 | v5.0.0 | 2023-12-05
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/save.
nvd
CVE-2023-49447 [HIGH] CWE-352 | P4 | CVSS 8.8 | v5.0.0 | 2023-12-05
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/update.
nvd
CVE-2023-49381 [HIGH] CWE-352 | P4 | CVSS 8.8 | v5.0.0 | 2023-12-05
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/update.
nvd
CVE-2023-49372 [HIGH] CWE-352 | P4 | CVSS 8.8 | v5.0 | 2023-12-05
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/save.
nvd
CVE-2024-22493 [MEDIUM] CWE-79 | P4 | CVSS 5.4 | v5.0.0 | 2024-01-12
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to inject arbitrary web script or HTML.
nvd
CVE-2024-22492 [MEDIUM] CWE-79 | P4 | CVSS 5.4 | v5.0.0 | 2024-01-12
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML.
nvd
CVE-2024-22494 [MEDIUM] CWE-79 | P4 | CVSS 5.4 | v5.0.0 | 2024-01-12
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary web script or HTML.
nvd
CVE-2023-51254 [MEDIUM] CWE-79 | P4 | CVSS 6.1 | v5.0.0 | 2024-04-29
Cross Site Scripting vulnerability in Jfinalcms v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the friendship link component.
nvd
CVE-2024-22497 [MEDIUM] CWE-79 | P4 | CVSS 6.1 | v5.0.0 | 2024-01-23
Cross Site Scripting (XSS) vulnerability in /admin/login password parameter in JFinalcms 5.0.0 allows attackers to run arbitrary code via crafted URL.
nvd
CVE-2024-22496 [MEDIUM] CWE-79 | P4 | CVSS 6.1 | v5.0.0 | 2024-01-23
Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the /admin/login username parameter.
nvd
CVE-2023-50137 [MEDIUM] CWE-79 | P4 | CVSS 5.4 | v5.0.0 | 2023-12-14
JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) in the site management office.
nvd
CVE-2023-50100 [MEDIUM] CWE-79 | P4 | CVSS 5.4 | v5.0.0 | 2023-12-14
JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via carousel image editing.
nvd
CVE-2023-50101 [MEDIUM] CWE-79 | P4 | CVSS 5.4 | v5.0.0 | 2023-12-14
JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via Label management editing.
nvd
CVE-2023-50102 [MEDIUM] CWE-79 | P4 | CVSS 5.4 | v5.0.0 | 2023-12-14
JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS).
nvd
CVE-2023-49486 [MEDIUM] CWE-79 | P4 | CVSS 5.4 | v5.0.0 | 2023-12-08
JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the model management department.
nvd
CVE-2023-49487 [MEDIUM] CWE-79 | P4 | CVSS 5.4 | v5.0.0 | 2023-12-08
JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the navigation management department.
nvd
CVE-2023-49485 [MEDIUM] CWE-79 | P4 | CVSS 5.4 | v5.0.0 | 2023-12-08
JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department.
nvd
CVE-2023-50136 [MEDIUM] CWE-79 | P4 | CVSS 5.4 | v5.0.0 | 2024-01-09
Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the name field when creating a new custom table.
nvd