Description
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/save.
Remediation
References
https://github.com/ysuzhangbin/cms/blob/main/There%20is%20a%20CSRF%20in%20the%20newly%20added%20navigation%20management%20area.md
Related Vulnerabilities
CVE-2022-40635 Vulnerability in maven package org.craftercms:craftercms
CVE-2023-42795 Vulnerability in maven package org.apache.tomcat:tomcat-catalina
CVE-2016-7103 Vulnerability in npm package jquery-ui
CVE-2022-25898 Vulnerability in npm package jsrsasign
CVE-2023-37957 Vulnerability in maven package io.jenkins.plugins:pipeline-restful-api