Jfinaloa Project Jfinaloa — known CVE vulnerabilities
Every CVE whose affected-product data names Jfinaloa Project Jfinaloa, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2024-57768 — CVSS 9.8 (critical): JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component validRoleKey?sysRole.key.
CVE-2024-57769 — CVSS 8.8 (high): JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component borrowmoney/listData?applyUser.
CVE-2024-57775 — CVSS 8.8 (high): JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component getWorkFlowHis?insid.
CVE-2024-57770 — CVSS 8.8 (high): JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component apply/save#oaContractApply.id.
CVE-2021-40645 — CVSS 6.5 (medium): An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter getHaveDoneTaskDataList method of the…
CVE-2023-0758 — CVSS 6.3 (medium): A vulnerability was found in glorylion JFinalOA 1.0.2 and classified as critical. This issue affects some unknown processing of the file…
CVE-2024-57771 — CVSS 4.8 (medium): A cross-site scripting (XSS) vulnerability in the common/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to…
CVE-2024-57772 — CVSS 4.8 (medium): A cross-site scripting (XSS) vulnerability in the /bumph/getDraftListPage?type interface of JFinalOA before v2025.01.01 allows attackers to…
CVE-2024-57773 — CVSS 4.8 (medium): A cross-site scripting (XSS) vulnerability in the openSelectManyUserPage?orgid interface of JFinalOA before v2025.01.01 allows attackers to…
CVE-2024-57774 — CVSS 4.8 (medium): A cross-site scripting (XSS) vulnerability in the getBusinessUploadListPage?busid interface of JFinalOA before v2025.01.01 allows attackers…
CVE-2024-57776 — CVSS 4.6 (medium): A cross-site scripting (XSS) vulnerability in the /apply/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to…