Description
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module.
Remediation
References
https://github.com/jflyfox/jfinal_cms/issues/45
Related Vulnerabilities
CVE-2022-0350 Vulnerability in npm package vditor
CVE-2023-40348 Vulnerability in maven package org.jenkins-ci.plugins:gogs-webhook
CVE-2022-31367 Vulnerability in npm package strapi
CVE-2022-24375 Vulnerability in npm package node-opcua
CVE-2021-41184 Vulnerability in maven package org.webjars:jquery-ui