Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
139036.3%CRITICAL

Related CVEs

39
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2024-40322An issue was discovered in JFinalCMS v.5.0.0. There is a SQL injection vulnerablity via /admin/div_data/dataHIGH8.834.6%Jul 16, 2024
CVE-2023-51254Cross Site Scripting vulnerability in Jfinalcms v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the friendship link component.MEDIUM6.142.0%Apr 29, 2024
CVE-2024-24375SQL injection vulnerability in Jfinalcms v.5.0.0 allows a remote attacker to obtain sensitive information via /admin/admin name parameter.HIGH7.538.1%Mar 7, 2024
CVE-2024-24029JFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data.CRITICAL9.850.7%Feb 2, 2024
CVE-2024-22497Cross Site Scripting (XSS) vulnerability in /admin/login password parameter in JFinalcms 5.0.0 allows attackers to run arbitrary code via crafted URL.MEDIUM6.134.8%Jan 23, 2024
CVE-2024-22496Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the /admin/login username parameter.MEDIUM6.134.8%Jan 23, 2024
CVE-2024-22494A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary web script or HTML.MEDIUM5.437.0%Jan 12, 2024
CVE-2024-22493A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to inject arbitrary web script or HTML.MEDIUM5.442.2%Jan 12, 2024
CVE-2024-22492A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML.MEDIUM5.442.2%Jan 12, 2024
CVE-2023-50136Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the name field when creating a new custom table.MEDIUM5.432.6%Jan 9, 2024
CVE-2023-50137JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) in the site management office.MEDIUM5.435.4%Dec 14, 2023
CVE-2023-50102JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS).MEDIUM5.434.3%Dec 14, 2023
CVE-2023-50101JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via Label management editing.MEDIUM5.435.1%Dec 14, 2023
CVE-2023-50100JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via carousel image editing.MEDIUM5.435.4%Dec 14, 2023
CVE-2023-50449JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter.HIGH7.564.7%Dec 10, 2023
CVE-2023-49487JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the navigation management department.MEDIUM5.433.4%Dec 8, 2023
CVE-2023-49486JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the model management department.MEDIUM5.433.7%Dec 8, 2023
CVE-2023-49485JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department.MEDIUM5.433.0%Dec 8, 2023
CVE-2023-49448JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/nav/delete.HIGH8.830.9%Dec 5, 2023
CVE-2023-49447JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/update.HIGH8.830.9%Dec 5, 2023