In jfinal_cms >= 5.1 0, there is a storage XSS vulnerability in the background system of CMS. Because developers do not filter the parameters submitted by the user input form, any user with background permission can affect the system security by entering malicious code.
References
Link | Resource |
---|---|
https://github.com/jflyfox/jfinal_cms/issues/19 | Exploit Issue Tracking Third Party Advisory |
https://github.com/jflyfox/jfinal_cms/issues/19 | Exploit Issue Tracking Third Party Advisory |
Configurations
History
21 Nov 2024, 06:33
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/jflyfox/jfinal_cms/issues/19 - Exploit, Issue Tracking, Third Party Advisory |
Information
Published : 2022-01-25 16:15
Updated : 2024-11-21 06:33
NVD link : CVE-2021-46087
Mitre link : CVE-2021-46087
CVE.ORG link : CVE-2021-46087
JSON object : View
Products Affected
jflyfox
- jfinal_cms
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')