Description
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module.
Remediation
References
https://github.com/jflyfox/jfinal_cms/issues/45
Related Vulnerabilities
CVE-2020-7788 Vulnerability in npm package ini
CVE-2018-16461 Vulnerability in npm package libnmap
CVE-2022-21724 Vulnerability in maven package org.postgresql:postgresql
CVE-2023-26920 Vulnerability in maven package org.webjars.npm:fast-xml-parser
CVE-2015-1169 Vulnerability in maven package org.jasig.cas:cas-server-support-ldap