com.jflyfox:jflyfox_jfinal (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package com.jflyfox:jflyfox_jfinal, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVE-2023-30349 — CVSS 9.8 (critical): JFinal CMS v5.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the ActionEnter function.
CVE-2022-29648 — CVSS 5.4 (medium): A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted…
CVE-2022-36527 — CVSS 5.4 (medium): Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field…