This page lists publicly disclosed CVE vulnerabilities affecting jfinalcms_project jfinalcms (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-40322 | An issue was discovered in JFinalCMS v.5.0.0. There is a SQL injection vulnerability via /admin/div_data/data | [email protected] | 8.8 | 0.43% | 2024-07-16 | 2024-11-21 |
| CVE-2023-51254 | Cross Site Scripting vulnerability in Jfinalcms v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the friendship link component. | [email protected] | 6.1 | 0.55% | 2024-04-29 | 2025-04-23 |
| CVE-2024-24375 | SQL injection vulnerability in Jfinalcms v.5.0.0 allows a remote attacker to obtain sensitive information via /admin/admin name parameter. | [email protected] | 7.5 | 0.48% | 2024-03-07 | 2025-04-30 |
| CVE-2024-24029 | JFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data. | [email protected] | 9.8 | 0.76% | 2024-02-02 | 2025-06-12 |
| CVE-2024-22497 | Cross Site Scripting (XSS) vulnerability in /admin/login password parameter in JFinalcms 5.0.0 allows attackers to run arbitrary code via crafted URL. | [email protected] | 6.1 | 0.43% | 2024-01-23 | 2025-05-30 |
| CVE-2024-22496 | Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the /admin/login username parameter. | [email protected] | 6.1 | 0.43% | 2024-01-23 | 2025-06-05 |
| CVE-2024-22494 | A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary web script or HTML. | [email protected] | 5.4 | 0.47% | 2024-01-12 | 2025-06-03 |
| CVE-2024-22493 | A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to inject arbitrary web script or HTML. | [email protected] | 5.4 | 0.56% | 2024-01-12 | 2024-11-21 |
| CVE-2024-22492 | A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML. | [email protected] | 5.4 | 0.56% | 2024-01-12 | 2025-06-03 |
| CVE-2023-50136 | Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the name field when creating a new custom table. | [email protected] | 5.4 | 0.41% | 2024-01-09 | 2025-06-03 |
| CVE-2023-50137 | JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) in the site management office. | [email protected] | 5.4 | 0.44% | 2023-12-14 | 2024-11-21 |
| CVE-2023-50102 | JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS). | [email protected] | 5.4 | 0.43% | 2023-12-14 | 2024-11-21 |
| CVE-2023-50101 | JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via Label management editing. | [email protected] | 5.4 | 0.44% | 2023-12-14 | 2024-11-21 |
| CVE-2023-50100 | JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via carousel image editing. | [email protected] | 5.4 | 0.44% | 2023-12-14 | 2024-11-21 |
| CVE-2023-50449 | JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter. | [email protected] | 7.5 | 1.21% | 2023-12-10 | 2024-11-21 |
| CVE-2023-49487 | JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the navigation management department. | [email protected] | 5.4 | 0.42% | 2023-12-08 | 2024-11-21 |
| CVE-2023-49486 | JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the model management department. | [email protected] | 5.4 | 0.42% | 2023-12-08 | 2024-11-21 |
| CVE-2023-49485 | JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department. | [email protected] | 5.4 | 0.41% | 2023-12-08 | 2025-05-27 |
| CVE-2023-49448 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/nav/delete. | [email protected] | 8.8 | 0.39% | 2023-12-05 | 2024-11-21 |
| CVE-2023-49447 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/update. | [email protected] | 8.8 | 0.39% | 2023-12-05 | 2024-11-21 |