Product:

Jfinalcms

(Jfinalcms_project)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 37
Date Id Summary Products Score Patch Annotated
2023-12-14 CVE-2023-50102 JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS). Jfinalcms 5.4
2023-12-14 CVE-2023-50137 JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) in the site management office. Jfinalcms 5.4
2024-01-09 CVE-2023-50136 Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the name field when creating a new custom table. Jfinalcms 5.4
2024-01-12 CVE-2024-22492 A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML. Jfinalcms 5.4
2024-01-12 CVE-2024-22493 A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to inject arbitrary web script or HTML. Jfinalcms 5.4
2024-01-12 CVE-2024-22494 A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary web script or HTML. Jfinalcms 5.4
2024-01-23 CVE-2024-22496 Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the /admin/login username parameter. Jfinalcms 6.1
2024-01-23 CVE-2024-22497 Cross Site Scripting (XSS) vulnerability in /admin/login password parameter in JFinalcms 5.0.0 allows attackers to run arbitrary code via crafted URL. Jfinalcms 6.1
2024-02-02 CVE-2024-24029 JFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data. Jfinalcms 9.8
2024-07-16 CVE-2024-40322 An issue was discovered in JFinalCMS v.5.0.0. There is a SQL injection vulnerablity via /admin/div_data/data Jfinalcms 8.8