Vulnerabilities > Jflyfox
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-28 | CVE-2023-47503 | Unspecified vulnerability in Jflyfox Jfinal CMS 5.1.0 An issue in jflyfox jfinalCMS v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp component in the template management module. | 9.8 |
| 2023-06-16 | CVE-2023-34645 | Files or Directories Accessible to External Parties vulnerability in Jflyfox Jfinal CMS 5.1.0 jfinal CMS 5.1.0 has an arbitrary file read vulnerability. | 7.5 |
| 2023-04-27 | CVE-2023-30349 | Unspecified vulnerability in Jflyfox Jfinal CMS 5.1.0 JFinal CMS v5.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the ActionEnter function. | 9.8 |
| 2023-02-03 | CVE-2023-22975 | Cross-site Scripting vulnerability in Jflyfox Jfinal CMS 5.1.0 A cross-site scripting (XSS) vulnerability in JFinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter under /front/person/profile.html. | 6.1 |
| 2022-10-26 | CVE-2022-37202 | SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/advicefeedback/list | 8.8 |
| 2022-10-13 | CVE-2022-37208 | SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0 JFinal CMS 5.1.0 is vulnerable to SQL Injection. | 8.8 |
| 2022-09-27 | CVE-2022-37209 | SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0 JFinal CMS 5.1.0 is affected by: SQL Injection. | 8.8 |
| 2022-06-23 | CVE-2022-33113 | Cross-site Scripting vulnerability in Jflyfox Jfinal CMS 5.1.0 Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module. | 3.5 |
| 2022-06-23 | CVE-2022-33114 | SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0 Jfinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via the attrVal parameter at /jfinal_cms/system/dict/list. | 6.5 |
| 2022-06-02 | CVE-2022-29648 | Cross-site Scripting vulnerability in Jflyfox Jfinal CMS 5.1.0 A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request. | 3.5 |