Aggregates CVE and security vulnerability intelligence across all jfinalcms_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk csrf and vendor risk cross-site scripting and related problems; some flaws may lead to vendor impact session compromise, affecting vendor surface software deployment scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-49446 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/save. | [email protected] | 8.8 | 0.39% | 2023-12-05 | 2026-06-17 |
| CVE-2023-49398 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/delete. | [email protected] | 8.8 | 0.39% | 2023-12-05 | 2026-06-17 |
| CVE-2023-49397 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/updateStatus. | [email protected] | 8.8 | 0.39% | 2023-12-05 | 2026-06-17 |
| CVE-2023-49396 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/save. | [email protected] | 8.8 | 0.39% | 2023-12-05 | 2026-06-17 |
| CVE-2023-49395 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/update. | [email protected] | 8.8 | 0.39% | 2023-12-05 | 2026-06-17 |
| CVE-2023-49383 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/save. | [email protected] | 8.8 | 0.39% | 2023-12-05 | 2026-06-17 |
| CVE-2023-49382 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/delete. | [email protected] | 8.8 | 0.39% | 2023-12-05 | 2026-06-17 |
| CVE-2023-49381 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/update. | [email protected] | 8.8 | 0.39% | 2023-12-05 | 2026-06-17 |
| CVE-2023-49380 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/delete. | [email protected] | 8.8 | 0.39% | 2023-12-05 | 2026-06-17 |
| CVE-2023-49379 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /admin/friend_link/save. | [email protected] | 8.8 | 0.39% | 2023-12-05 | 2026-06-17 |
| CVE-2023-49378 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/form/save. | [email protected] | 8.8 | 0.39% | 2023-12-05 | 2026-06-17 |
| CVE-2023-49377 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/update. | [email protected] | 8.8 | 0.39% | 2023-12-05 | 2026-06-17 |
| CVE-2023-49376 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/delete. | [email protected] | 8.8 | 0.39% | 2023-12-05 | 2026-06-17 |
| CVE-2023-49375 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/update. | [email protected] | 8.8 | 0.39% | 2023-12-05 | 2026-06-17 |
| CVE-2023-49374 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/update. | [email protected] | 8.8 | 0.39% | 2023-12-05 | 2026-06-17 |
| CVE-2023-49373 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/slide/delete. | [email protected] | 8.8 | 0.39% | 2023-12-05 | 2026-06-17 |
| CVE-2023-49372 | JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/save. | [email protected] | 8.8 | 0.39% | 2023-12-05 | 2026-06-17 |
| CVE-2023-41599 | An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal. | [email protected] | 5.3 | 11.21% | 2023-09-18 | 2026-06-17 |
| CVE-2022-27341 | JFinalCMS v2.0 was discovered to contain a SQL injection vulnerability via the Article Management function. | [email protected] | 9.8 | 1.16% | 2022-04-22 | 2026-06-17 |