Description
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module.
Remediation
References
https://github.com/jflyfox/jfinal_cms/issues/45
Related Vulnerabilities
CVE-2021-32673 Vulnerability in npm package reg-keygen-git-hash-plugin
CVE-2023-25576 Vulnerability in npm package @fastify/multipart
CVE-2022-31170 Vulnerability in maven package org.webjars.npm:openzeppelin__contracts-upgradeable
CVE-2022-31160 Vulnerability in maven package org.fujion.webjars:jquery-ui
CVE-2021-33562 Vulnerability in maven package com.shopizer:shopizer