This page aggregates CVE and security vulnerability information for all jfinalcms_project products, listing CVSS, EPSS, publication dates, and vulnerability data.
Past issues mainly concern CSRF and cross-site scripting; some lead to session compromise and affect software deployment and production workload scenarios.
The listed data is based on public vulnerability information and security advisories, and can be used to assess past exposure and remediation priority.

| CVE | Summary | Source | Max CVSS | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-40322 | An issue was discovered in JFinalCMS v.5.0.0. There is a SQL injection vulnerability via /admin/div_data/data | [email protected] | 8.8 | 0.06% | 2024-07-16 | 2024-11-21 |
| CVE-2023-51254 | Cross Site Scripting vulnerability in Jfinalcms v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the friendship link component. | [email protected] | 6.1 | 0.46% | 2024-04-29 | 2025-04-23 |
| CVE-2024-24375 | SQL injection vulnerability in Jfinalcms v.5.0.0 allows a remote attacker to obtain sensitive information via /admin/admin name parameter. | [email protected] | 7.5 | 0.05% | 2024-03-07 | 2025-04-30 |
| CVE-2024-24029 | JFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data. | [email protected] | 9.8 | 0.06% | 2024-02-02 | 2025-06-12 |
| CVE-2024-22497 | Cross Site Scripting (XSS) vulnerability in /admin/login password parameter in JFinalcms 5.0.0 allows attackers to run arbitrary code via crafted URL. | [email protected] | 6.1 | 0.11% | 2024-01-23 | 2025-05-30 |
| CVE-2024-22496 | Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the /admin/login username parameter. | [email protected] | 6.1 | 0.11% | 2024-01-23 | 2025-06-05 |
| CVE-2024-22494 | A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary web script or HTML. | [email protected] | 5.4 | 0.05% | 2024-01-12 | 2025-06-03 |
| CVE-2024-22493 | A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to inject arbitrary web script or HTML. | [email protected] | 5.4 | 0.11% | 2024-01-12 | 2024-11-21 |
| CVE-2024-22492 | A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML. | [email protected] | 5.4 | 0.11% | 2024-01-12 | 2025-06-03 |
| CVE-2023-50136 | Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the name field when creating a new custom table. | [email protected] | 5.4 | 0.13% | 2024-01-09 | 2025-06-03 |
| CVE-2023-50137 | JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) in the site management office. | [email protected] | 5.4 | 0.09% | 2023-12-14 | 2024-11-21 |
| CVE-2023-50102 | JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS). | [email protected] | 5.4 | 0.19% | 2023-12-14 | 2024-11-21 |
| CVE-2023-50101 | JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via Label management editing. | [email protected] | 5.4 | 0.19% | 2023-12-14 | 2024-11-21 |
| CVE-2023-50100 | JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via carousel image editing. | [email protected] | 5.4 | 0.12% | 2023-12-14 | 2024-11-21 |
| CVE-2023-50449 | JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter. | [email protected] | 7.5 | 0.12% | 2023-12-10 | 2024-11-21 |
| CVE-2023-49487 | JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the navigation management department. | [email protected] | 5.4 | 0.10% | 2023-12-08 | 2024-11-21 |
| CVE-2023-49486 | JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the model management department. | [email protected] | 5.4 | 0.11% | 2023-12-08 | 2024-11-21 |
| CVE-2023-49485 | JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department. | [email protected] | 5.4 | 0.10% | 2023-12-08 | 2025-05-27 |
| CVE-2023-49448 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/nav/delete. | [email protected] | 8.8 | 0.27% | 2023-12-05 | 2024-11-21 |
| CVE-2023-49447 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/update. | [email protected] | 8.8 | 0.27% | 2023-12-05 | 2024-11-21 |