Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS01ZjU2LWg2ZmctcmNyaM4AA3kg

High EPSS: 0.00268% (0.50016 Percentile) EPSS:
Permalink JSON

Cross-Site Request Forgery in JFinalCMS via /admin/category/updateStatus

Affected Packages Affected Versions Fixed Versions
maven:com.jfinal:jfinal <= 5.0.0 No known fixed version
151 Dependent packages
855 Dependent repositories

Affected Version Ranges

All affected versions

1.4.0, 4.9.1, 4.9.2, 4.9.3, 4.9.4, 4.9.5, 4.9.6, 4.9.7, 4.9.8, 4.9.9, 4.9.10, 4.9.11, 4.9.12, 4.9.13, 4.9.14, 4.9.15, 4.9.16, 4.9.17, 4.9.18, 4.9.19, 4.9.20, 4.9.21, 4.9.22, 4.9.23, 5.0.0

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/updateStatus.

References:

Identifiers

GHSA-5f56-h6fg-rcrh

CVE-2023-49397

Risk

Severity

High

EPSS

EPSS Percentage: 0.00268

EPSS Percentile: 0.50016

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/nightcloudos/new_cms

Date and time

Published

over 1 year ago

Updated

over 1 year ago

API

JSON