CVE-2021-33348

Опубликовано: 24 июн. 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

An issue was discovered in JFinal framework v4.9.10 and below. The "set" method of the "Controller" class of jfinal framework is not strictly filtered, which will lead to XSS vulnerabilities in some cases.

Ссылки

https://github.com/jfinal/jfinal/issues/188
Exploit
Issue Tracking
Third Party Advisory
https://github.com/jfinal/jfinal/issues/188
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jfinal:jfinal:*:*:*:*:*:*:*:*

Версия до 4.9.10 (включая)

EPSS

Процентиль: 42%

0.00201

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-2c25-xfpq-8w9r