Jfinalcmsproject Jfinalcms
By the Year
In 2026 there have been 0 vulnerabilities in Jfinalcmsproject Jfinalcms. Jfinalcms did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 10 | 6.55 |
| 2023 | 28 | 7.78 |
| 2022 | 1 | 9.80 |
It may take a day or so for new Jfinalcms vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Jfinalcmsproject Jfinalcms Security Vulnerabilities
JFinalCMS v5.0.0 SQLi via /admin/div_data/data (Java CMS)
CVE-2024-40322
8.8 - High
- July 16, 2024
An issue was discovered in JFinalCMS v.5.0.0. There is a SQL injection vulnerability via /admin/div_data/data.
SQL Injection
XSS in JfinalCMS 5.0.0 Friendship Link
CVE-2023-51254
- April 29, 2024
Cross Site Scripting vulnerability in Jfinalcms v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the friendship link component.
SQLi via /admin/admin name in JfinalCMS 5.0.0
CVE-2024-24375
- March 07, 2024
SQL injection vulnerability in Jfinalcms v.5.0.0 allows a remote attacker to obtain sensitive information via the /admin/admin name parameter.
JFinalCMS 5.0.0 SQLi in /admin/content/data
CVE-2024-24029
9.8 - Critical
- February 02, 2024
JFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data.
SQL Injection
JFinalCMS 5.0.0 XSS via password param in /admin/login
CVE-2024-22497
6.1 - Medium
- January 23, 2024
Cross Site Scripting (XSS) vulnerability in the /admin/login password parameter in JFinalcms 5.0.0 allows attackers to run arbitrary code via a crafted URL.
XSS
XSS via Login Username Param in JFinalcms 5.0.0
CVE-2024-22496
6.1 - Medium
- January 23, 2024
Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the /admin/login username parameter.
XSS
JFinalcms 5.0.0 Stored XSS via /guestbook/save contact param
CVE-2024-22492
5.4 - Medium
- January 12, 2024
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML.
XSS
JFinalcms 5.0.0 Stored XSS via /guestbook/save content param
CVE-2024-22493
5.4 - Medium
- January 12, 2024
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to inject arbitrary web script or HTML.
XSS
Stored XSS in JFinalCMS 5.0.0 via /gusetbook/save mobile param
CVE-2024-22494
5.4 - Medium
- January 12, 2024
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary web script or HTML.
XSS
JFinalcms 5.0.0 XSS via name field in custom table creation
CVE-2023-50136
5.4 - Medium
- January 09, 2024
Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the name field when creating a new custom table.
XSS
JFinalCMS 5.0.0 XSS via Carousel Image Edit
CVE-2023-50100
5.4 - Medium
- December 14, 2023
JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via carousel image editing.
XSS
JFinalcms 5.0.0 XSS via Label Management Edit
CVE-2023-50101
5.4 - Medium
- December 14, 2023
JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via Label management editing.
XSS
XSS Vulnerability in JFinalCMS 5.0.0
CVE-2023-50102
5.4 - Medium
- December 14, 2023
JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS).
XSS
JFinalcms 5.0.0 XSS in Site Management Office
CVE-2023-50137
5.4 - Medium
- December 14, 2023
JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) in the site management office.
XSS
JFinalCMS 5.0 Remote File Read via ../ Directory Traversal (CVE-2023-50449)
CVE-2023-50449
7.5 - High
- December 10, 2023
JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter.
Directory traversal
XSS in JFinalCMS 5.0.0 Column Management
CVE-2023-49485
5.4 - Medium
- December 08, 2023
JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department.
XSS
XSS in JFinalCMS v5.0.0 Model Mgmt CVE-2023-49486
CVE-2023-49486
5.4 - Medium
- December 08, 2023
JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the model management department.
XSS
XSS in JFinalCMS 5.0.0 Navigation Component
CVE-2023-49487
5.4 - Medium
- December 08, 2023
JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the navigation management department.
XSS
JFinalCMS 5.0.0 CSRF via /admin/slide/delete
CVE-2023-49373
8.8 - High
- December 05, 2023
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/slide/delete.
Session Riding
JFinalCMS 5.0.0 CSRF via /admin/slide/save
CVE-2023-49372
8.8 - High
- December 05, 2023
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/save.
Session Riding
JFinalCMS v5.0.0 CSRF via /admin/slide/update
CVE-2023-49374
8.8 - High
- December 05, 2023
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/update.
Session Riding
JFinalCMS v5.0.0 - CSRF via admin/nav/delete
CVE-2023-49448
8.8 - High
- December 05, 2023
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/nav/delete.
Session Riding
JFinalCMS 5.0.0 CSRF via /admin/nav/update
CVE-2023-49447
8.8 - High
- December 05, 2023
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/update.
Session Riding
JFinalCMS 5.0.0 CSRF via /admin/nav/save
CVE-2023-49446
8.8 - High
- December 05, 2023
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/save.
Session Riding
JFinalCMS 5.0.0 CSRF via /admin/category/delete
CVE-2023-49398
8.8 - High
- December 05, 2023
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/delete.
Session Riding
JFinalCMS 5.0.0 CSRF via /admin/category/updateStatus
CVE-2023-49397
8.8 - High
- December 05, 2023
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/updateStatus.
Session Riding
JFinalCMS v5.0.0 CSRF via /admin/category/save
CVE-2023-49396
8.8 - High
- December 05, 2023
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/save.
Session Riding
JFinalCMS 5.0 CSRF via /admin/category/update
CVE-2023-49395
8.8 - High
- December 05, 2023
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/update.
Session Riding
JFinalCMS 5.0.0 - CSRF via /admin/tag/save in Admin Interface
CVE-2023-49383
8.8 - High
- December 05, 2023
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/save.
Session Riding
JFinalCMS 5.0.0 CSRF via /admin/div/delete
CVE-2023-49382
8.8 - High
- December 05, 2023
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/delete.
Session Riding
JFinalCMS v5.0.0 CSRF via /admin/div/update
CVE-2023-49381
8.8 - High
- December 05, 2023
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/update.
Session Riding
JFinalCMS v5.0.0 CSRF via /admin/friend_link/delete
CVE-2023-49380
8.8 - High
- December 05, 2023
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/delete.
Session Riding
JFinalCMS 5.0.0 CSRF via /admin/friend_link/save
CVE-2023-49379
8.8 - High
- December 05, 2023
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /admin/friend_link/save.
Session Riding
JFinalCMS 5.0.0 CSRF via /admin/form/save
CVE-2023-49378
8.8 - High
- December 05, 2023
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/form/save.
Session Riding
CSRF in JFinalCMS v5.0.0 via /admin/tag/update
CVE-2023-49377
8.8 - High
- December 05, 2023
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/update.
Session Riding
JFinalCMS 5.0.0 CSRF via /admin/tag/delete
CVE-2023-49376
8.8 - High
- December 05, 2023
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/delete.
Session Riding
JFinalCMS 5.0.0 CSRF via /admin/friend_link/update
CVE-2023-49375
8.8 - High
- December 05, 2023
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/update.
Session Riding
JFinalCMS 5.0.0 Directory Traversal via DownController.java
CVE-2023-41599
5.3 - Medium
- September 19, 2023
An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal.
Directory traversal
JFinalCMS v2.0 was discovered to contain a SQL injection vulnerability
CVE-2022-27341
9.8 - Critical
- April 22, 2022
JFinalCMS v2.0 was discovered to contain a SQL injection vulnerability via the Article Management function.
SQL Injection