Vulnerabilities > Jflyfox > Jfinal CMS > Low

DATE CVE VULNERABILITY TITLE RISK
2022-06-23 CVE-2022-33113 Cross-site Scripting vulnerability in Jflyfox Jfinal CMS 5.1.0
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module.
network
jflyfox CWE-79
3.5
2022-06-02 CVE-2022-29648 Cross-site Scripting vulnerability in Jflyfox Jfinal CMS 5.1.0
A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request.
network
jflyfox CWE-79
3.5
2022-04-11 CVE-2022-27111 Cross-site Scripting vulnerability in Jflyfox Jfinal CMS 5.1.0
Jfinal_CMS 5.1.0 allows attackers to use the feedback function to send malicious XSS code to the administrator backend and execute it.
network
jflyfox CWE-79
3.5
2022-01-25 CVE-2021-46087 Cross-site Scripting vulnerability in Jflyfox Jfinal CMS 5.1.0
In jfinal_cms >= 5.1 0, there is a storage XSS vulnerability in the background system of CMS.
network
jflyfox CWE-79
3.5
2021-09-15 CVE-2020-19148 Cross-site Scripting vulnerability in Jflyfox Jfinal CMS
Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code via the 'Nickname' parameter in the component '/jfinal_cms/front/person/profile.html'.
network
jflyfox CWE-79
3.5