Description
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module.
Remediation
References
https://github.com/jflyfox/jfinal_cms/issues/45
Related Vulnerabilities
CVE-2022-36921 Vulnerability in maven package org.jenkins-ci.plugins:coverity
CVE-2020-25724 Vulnerability in maven package io.quarkus:quarkus-resteasy-reactive-parent-aggregator
CVE-2019-5479 Vulnerability in npm package larvitbase-api
CVE-2019-12041 Vulnerability in maven package org.webjars.bowergithub.jonschlinkert:remarkable