jfinalcms_project 漏洞与 CVE 列表（39）

产品（CPE）: — CVE 数: 39

jfinalcms_project 漏洞概览

汇总 jfinalcms_project 相关全部产品的 CVE 与安全漏洞情报，包括 CVSS、EPSS、公开时间与漏洞情报数据。

历史漏洞主要涉及 CSRF与跨站脚本等问题，部分漏洞可能导致会话劫持，并影响软件部署与生产负载相关场景。

相关漏洞数据主要来源于公开漏洞披露与安全公告，可用于评估历史漏洞暴露面与修复优先级。

漏洞分布趋势（近 24 个月）

CVE	摘要	来源	最高 CVSS	EPSS %	公开时间	更新时间
CVE-2024-40322	An issue was discovered in JFinalCMS v.5.0.0. There is a SQL injection vulnerablity via /admin/div_data/data	[email protected]	8.8	0.06%	2024-07-16	2024-11-21
CVE-2023-51254	Cross Site Scripting vulnerability in Jfinalcms v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the friendship link component.	[email protected]	6.1	0.46%	2024-04-29	2025-04-23
CVE-2024-24375	SQL injection vulnerability in Jfinalcms v.5.0.0 allows a remote attacker to obtain sensitive information via /admin/admin name parameter.	[email protected]	7.5	0.05%	2024-03-07	2025-04-30
CVE-2024-24029	JFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data.	[email protected]	9.8	0.06%	2024-02-02	2025-06-12
CVE-2024-22497	Cross Site Scripting (XSS) vulnerability in /admin/login password parameter in JFinalcms 5.0.0 allows attackers to run arbitrary code via crafted URL.	[email protected]	6.1	0.11%	2024-01-23	2025-05-30
CVE-2024-22496	Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the /admin/login username parameter.	[email protected]	6.1	0.11%	2024-01-23	2025-06-05
CVE-2024-22494	A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary web script or HTML.	[email protected]	5.4	0.05%	2024-01-12	2025-06-03
CVE-2024-22493	A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to inject arbitrary web script or HTML.	[email protected]	5.4	0.11%	2024-01-12	2024-11-21
CVE-2024-22492	A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML.	[email protected]	5.4	0.11%	2024-01-12	2025-06-03
CVE-2023-50136	Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the name field when creating a new custom table.	[email protected]	5.4	0.13%	2024-01-09	2025-06-03
CVE-2023-50137	JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) in the site management office.	[email protected]	5.4	0.09%	2023-12-14	2024-11-21
CVE-2023-50102	JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS).	[email protected]	5.4	0.19%	2023-12-14	2024-11-21
CVE-2023-50101	JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via Label management editing.	[email protected]	5.4	0.19%	2023-12-14	2024-11-21
CVE-2023-50100	JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via carousel image editing.	[email protected]	5.4	0.12%	2023-12-14	2024-11-21
CVE-2023-50449	JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter.	[email protected]	7.5	0.12%	2023-12-10	2024-11-21
CVE-2023-49487	JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the navigation management department.	[email protected]	5.4	0.10%	2023-12-08	2024-11-21
CVE-2023-49486	JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the model management department.	[email protected]	5.4	0.11%	2023-12-08	2024-11-21
CVE-2023-49485	JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department.	[email protected]	5.4	0.10%	2023-12-08	2025-05-27
CVE-2023-49448	JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/nav/delete.	[email protected]	8.8	0.27%	2023-12-05	2024-11-21
CVE-2023-49447	JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/update.	[email protected]	8.8	0.27%	2023-12-05	2024-11-21

cvelogic Threat Intelligence