Description
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module.
Remediation
References
https://github.com/jflyfox/jfinal_cms/issues/45
Related Vulnerabilities
CVE-2010-1330 Vulnerability in maven package org.jruby:jruby
CVE-2021-21331 Vulnerability in maven package com.datadoghq:datadog-api-client
CVE-2017-16122 Vulnerability in npm package cuciuci
CVE-2021-23472 Vulnerability in npm package bootstrap-table
CVE-2023-30331 Vulnerability in maven package com.ibeetl:beetl