Show filters
37 Total Results
Displaying 1-10 of 37
Sort by:
Attacker Value
Unknown

CVE-2024-40322

Disclosure Date: July 16, 2024 (last updated August 16, 2024)
An issue was discovered in JFinalCMS v.5.0.0. There is a SQL injection vulnerablity via /admin/div_data/data
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-24029

Disclosure Date: February 02, 2024 (last updated February 07, 2024)
JFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-22497

Disclosure Date: January 23, 2024 (last updated January 30, 2024)
Cross Site Scripting (XSS) vulnerability in /admin/login password parameter in JFinalcms 5.0.0 allows attackers to run arbitrary code via crafted URL.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2024-22496

Disclosure Date: January 23, 2024 (last updated January 30, 2024)
Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the /admin/login username parameter.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2024-22494

Disclosure Date: January 12, 2024 (last updated January 19, 2024)
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary web script or HTML.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2024-22493

Disclosure Date: January 12, 2024 (last updated January 21, 2024)
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to inject arbitrary web script or HTML.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2024-22492

Disclosure Date: January 12, 2024 (last updated January 21, 2024)
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-50136

Disclosure Date: January 09, 2024 (last updated January 17, 2024)
Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the name field when creating a new custom table.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-50137

Disclosure Date: December 14, 2023 (last updated December 16, 2023)
JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) in the site management office.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-50102

Disclosure Date: December 14, 2023 (last updated December 16, 2023)
JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS).
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
View More Topics  Next >