Jfinalcms

4 CVEs product

Monthly

CVE-2024-57665 CRITICAL POC Act Now

JFinalCMS 1.0 is vulnerable to SQL Injection in rc/main/java/com/cms/entity/Content.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. Public exploit code is available and no vendor patch is available.

Java SQLi Jfinalcms
NVD GitHub
CVSS 3.1: 9.8
EPSS: 0.1%
CVE-2024-22494 MEDIUM POC This Month

A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available and no vendor patch is available.

XSS Jfinalcms
NVD GitHub
CVSS 3.1: 5.4
EPSS: 0.1%
CVE-2024-22493 MEDIUM POC This Month

A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available and no vendor patch is available.

XSS Jfinalcms
NVD GitHub
CVSS 3.1: 5.4
EPSS: 0.1%
CVE-2024-22492 MEDIUM POC This Month

A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available and no vendor patch is available.

XSS Jfinalcms
NVD GitHub
CVSS 3.1: 5.4
EPSS: 0.1%