Cross-Site Scripting Vulnerability in Jfinal CMS by Jfinal
CVE-2023-24747

5.4MEDIUM

Key Information:

Vendor: Jflyfox
Status: Jfinal Cms
Vendor: CVE Published:; 5 April 2023

What is CVE-2023-24747?

A cross-site scripting vulnerability has been identified in Jfinal CMS version 5.1. This flaw could allow attackers to inject malicious scripts through the /system/dict/list component, potentially compromising user data and web application security. It underscores the importance of robust input validation and sanitization mechanisms in web applications to mitigate such risks.

References

https://gist.github.com/Threonic/a262c19ed5027e5a7fe0b97b...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 5, 2023
Vulnerability Reserved
Jan 30, 2023

CVE-2023-24747 Data

JSON

Jflyfox

What is CVE-2023-24747?

References

CVSS V3.1

Timeline