Show filters
37 Total Results
Displaying 11-20 of 37
Sort by:
Attacker Value
Unknown

CVE-2023-50101

Disclosure Date: December 14, 2023 (last updated December 16, 2023)
JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via Label management editing.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-50100

Disclosure Date: December 14, 2023 (last updated December 16, 2023)
JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via carousel image editing.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-50449

Disclosure Date: December 10, 2023 (last updated December 14, 2023)
JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-49487

Disclosure Date: December 08, 2023 (last updated December 13, 2023)
JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the navigation management department.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-49486

Disclosure Date: December 08, 2023 (last updated December 13, 2023)
JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the model management department.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-49485

Disclosure Date: December 08, 2023 (last updated December 13, 2023)
JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-49448

Disclosure Date: December 05, 2023 (last updated December 09, 2023)
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/nav/delete.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-49447

Disclosure Date: December 05, 2023 (last updated December 09, 2023)
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/update.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-49446

Disclosure Date: December 05, 2023 (last updated December 09, 2023)
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/save.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-49398

Disclosure Date: December 05, 2023 (last updated December 09, 2023)
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/delete.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
View More Topics  < Previous  Next >