Description
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/slide/delete.
Remediation
References
https://github.com/li-yu320/cms/blob/main/There%20is%20a%20CSRF%20at%20the%20deletion%20point%20of%20the%20broadcast%20image.md
Related Vulnerabilities
CVE-2023-37912 Vulnerability in maven package org.xwiki.rendering:xwiki-rendering-macro-footnotes
CVE-2017-12617 Vulnerability in maven package org.apache.tomcat:tomcat-util
CVE-2021-25915 Vulnerability in npm package changeset
CVE-2023-26133 Vulnerability in npm package progressbar.js
CVE-2020-14967 Vulnerability in maven package org.webjars.bowergithub.kjur:jsrsasign