Superleehop

**Name of the Vulnerable Software and Affected Versions** JFinal CMS version 5.1.0 **Description** A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `email` parameter under "/front/person/profile.html". **Recommendations** For JFinal CMS version 5.1.0, consider disabling access to the "/front/person/profile.html" endpoint until a patch is available, and restrict the use of the `email` parameter to minimize the risk of exploitation.