GSA_kwCzR0hTQS14djdwLWp3NDYtOHI4Nc4AA3xe

Moderate EPSS: 0.00086% (0.26161 Percentile) EPSS:

Permalink JSON

Cross-site Scripting in JFinalcms

Affected Packages	Affected Versions	Fixed Versions
maven:com.jfinal:jfinal	<= 5.0.0	No known fixed version
151 Dependent packages 855 Dependent repositories Affected Version Ranges All affected versions 1.4.0, 4.9.1, 4.9.2, 4.9.3, 4.9.4, 4.9.5, 4.9.6, 4.9.7, 4.9.8, 4.9.9, 4.9.10, 4.9.11, 4.9.12, 4.9.13, 4.9.14, 4.9.15, 4.9.16, 4.9.17, 4.9.18, 4.9.19, 4.9.20, 4.9.21, 4.9.22, 4.9.23, 5.0.0

JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) in the site management office.

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-50137
https://github.com/yukino-hiki/CVE/blob/main/3/There%20is%20a%20storage%20type%20xss%20in%20the%20site%20management%20office.md
https://github.com/advisories/GHSA-xv7p-jw46-8r85

Identifiers

GHSA-xv7p-jw46-8r85

CVE-2023-50137

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00086

EPSS Percentile: 0.26161

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/yukino-hiki/CVE

Date and time

Published

over 1 year ago

Updated

over 1 year ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories