Описание
A vulnerability classified as problematic has been found in JFinalCMS up to 20221020. This affects an unknown part of the file /admin/content. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-266121 was assigned to this vulnerability.
Ссылки
- ExploitIssue TrackingVendor Advisory
- Permissions RequiredVDB Entry
- Third Party AdvisoryVDB Entry
- ExploitIssue TrackingVendor Advisory
- Permissions RequiredVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия до 20221020 (исключая)
cpe:2.3:a:heyewei:jfinalcms:*:*:*:*:*:*:*:*
EPSS
Процентиль: 73%
0.00742
Низкий
2.4 Low
CVSS3
5.4 Medium
CVSS3
3.3 Low
CVSS2
Дефекты
CWE-79
EPSS
Процентиль: 73%
0.00742
Низкий
2.4 Low
CVSS3
5.4 Medium
CVSS3
3.3 Low
CVSS2
Дефекты
CWE-79