Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS03NjVmLTNtZ3gtMjRwd84AA3kd

High EPSS: 0.00281% (0.51118 Percentile) EPSS:
Permalink JSON

Cross-Site Request Forgery in JFinalCMS via /admin/friend_link/delete

Affected Packages Affected Versions Fixed Versions
maven:com.jfinal:jfinal <= 5.0.0 No known fixed version
151 Dependent packages
855 Dependent repositories

Affected Version Ranges

All affected versions

1.4.0, 4.9.1, 4.9.2, 4.9.3, 4.9.4, 4.9.5, 4.9.6, 4.9.7, 4.9.8, 4.9.9, 4.9.10, 4.9.11, 4.9.12, 4.9.13, 4.9.14, 4.9.15, 4.9.16, 4.9.17, 4.9.18, 4.9.19, 4.9.20, 4.9.21, 4.9.22, 4.9.23, 5.0.0

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/delete.

References:

Identifiers

GHSA-765f-3mgx-24pw

CVE-2023-49380

Risk

Severity

High

EPSS

EPSS Percentage: 0.00281

EPSS Percentile: 0.51118

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/cui2shark/cms

Date and time

Published

over 1 year ago

Updated

over 1 year ago

API

JSON