Vulnerabilities > J2Eefast

DATE CVE VULNERABILITY TITLE RISK
2023-05-02 CVE-2023-2476 Cross-site Scripting vulnerability in J2Eefast
A vulnerability was found in Dromara J2eeFAST up to 2.6.0.
network
low complexity
j2eefast CWE-79
5.4
2023-05-02 CVE-2023-2475 Cross-site Scripting vulnerability in J2Eefast
A vulnerability was found in Dromara J2eeFAST up to 2.6.0 and classified as problematic.
network
low complexity
j2eefast CWE-79
5.4
2021-08-12 CVE-2021-28890 SQL Injection vulnerability in J2Eefast 2.2.1
J2eeFAST 2.2.1 allows remote attackers to perform SQL injection via the (1) compId parameter to fast/sys/user/list, (2) deptId parameter to fast/sys/role/list, or (3) roleId parameter to fast/sys/role/authUser/list, related to the use of ${} to join SQL statements.
network
low complexity
j2eefast CWE-89
7.5