Vulnerabilities > Jflyfox
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-23 | CVE-2022-37199 | SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/user/list. | 9.8 |
| 2022-08-03 | CVE-2022-34928 | SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0 JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via /system/user. | 8.8 |
| 2022-06-23 | CVE-2022-33113 | Cross-site Scripting vulnerability in Jflyfox Jfinal CMS 5.1.0 Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module. | 5.4 |
| 2022-06-23 | CVE-2022-33114 | SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0 Jfinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via the attrVal parameter at /jfinal_cms/system/dict/list. | 7.2 |
| 2022-06-02 | CVE-2022-29648 | Cross-site Scripting vulnerability in Jflyfox Jfinal CMS 5.1.0 A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request. | 5.4 |
| 2022-05-26 | CVE-2022-30500 | SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0 Jfinal cms 5.1.0 is vulnerable to SQL Injection. | 9.8 |
| 2022-05-05 | CVE-2021-42242 | Unspecified vulnerability in Jflyfox Jfinal CMS 5.0.1 A command execution vulnerability exists in jfinal_cms 5.0.1 via com.jflyfox.component.controller.Ueditor. | 9.8 |
| 2022-05-03 | CVE-2022-28505 | SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0 Jfinal_cms 5.1.0 is vulnerable to SQL Injection via com.jflyfox.system.log.LogController.java. | 7.2 |
| 2022-04-11 | CVE-2022-27111 | Cross-site Scripting vulnerability in Jflyfox Jfinal CMS 5.1.0 Jfinal_CMS 5.1.0 allows attackers to use the feedback function to send malicious XSS code to the administrator backend and execute it. | 5.4 |
| 2022-01-25 | CVE-2021-46087 | Cross-site Scripting vulnerability in Jflyfox Jfinal CMS 5.1.0 In jfinal_cms >= 5.1 0, there is a storage XSS vulnerability in the background system of CMS. | 5.4 |