com.jflyfox:jflyfox_jfinal
Maven
6 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting com.jflyfox:jflyfox_jfinal
- CVE-2022-29648 | MEDIUM | CVSS 5.4 | EG 5.4 | 2022-06-02
vulnerable: 1.8 ... 4.5.0 (11 versions)
A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request.
- CVE-2022-30500 | CRITICAL | CVSS 9.8 | EG 9.8 | 2022-05-26
vulnerable: 1.8 ... 4.5.0 (11 versions)
Jfinal cms 5.1.0 is vulnerable to SQL Injection.
- CVE-2022-36527 | MEDIUM | CVSS 5.4 | EG 5.4 | 2022-08-25
vulnerable: 1.8 ... 4.5.0 (11 versions)
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module.
- CVE-2022-37199 | CRITICAL | CVSS 9.8 | EG 9.8 | 2022-08-23
vulnerable: 1.8 ... 4.5.0 (11 versions)
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/user/list.
- CVE-2022-37223 | CRITICAL | CVSS 9.8 | EG 9.8 | 2022-08-23
vulnerable: 1.8 ... 4.5.0 (11 versions)
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/role/list.
- CVE-2023-30349 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-04-27
vulnerable: 1.8 ... 4.5.0 (11 versions)
JFinal CMS v5.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the ActionEnter function.