Al1Exo

**Name of the Vulnerable Software and Affected Versions** jfinal cms versions 5.1.0 and later **Description** The issue is related to a storage XSS vulnerability in the background system of the CMS. This occurs because the developers do not filter the parameters submitted by the user input form, allowing any user with background permission to affect the system security by entering malicious code. **Recommendations** For jfinal cms versions 5.1.0 and later, consider filtering parameters submitted by the user input form to prevent malicious code entry. As a temporary workaround, restrict background permission to trusted users until a proper fix is implemented.