GSA_kwCzR0hTQS1oamZwLTJqN3EteG14NM4AA3ot

Moderate EPSS: 0.00109% (0.30291 Percentile) EPSS:

Permalink JSON

Cross-site Scripting in JFinalCMS

Affected Packages	Affected Versions	Fixed Versions
maven:com.jfinal:jfinal	<= 5.0.0	No known fixed version
151 Dependent packages 855 Dependent repositories Affected Version Ranges All affected versions 1.4.0, 4.9.1, 4.9.2, 4.9.3, 4.9.4, 4.9.5, 4.9.6, 4.9.7, 4.9.8, 4.9.9, 4.9.10, 4.9.11, 4.9.12, 4.9.13, 4.9.14, 4.9.15, 4.9.16, 4.9.17, 4.9.18, 4.9.19, 4.9.20, 4.9.21, 4.9.22, 4.9.23, 5.0.0

JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the model management department.

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-49486
https://github.com/Rabb1ter/cms/blob/main/There%20is%20a%20stored%20XSS%20in%20the%20model%20management%20department.md
https://github.com/advisories/GHSA-hjfp-2j7q-xmx4

Identifiers

GHSA-hjfp-2j7q-xmx4

CVE-2023-49486

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00109

EPSS Percentile: 0.30291

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/Rabb1ter/cms

Date and time

Published

over 1 year ago

Updated

over 1 year ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories