Chonger123

**Name of the Vulnerable Software and Affected Versions** heyewei JFinalCMS version 5.0.0 **Description** A weakness exists in heyewei JFinalCMS 5.0.0. This issue affects an unknown function within the `/admin/admin/save` API endpoint. A manipulation of this endpoint can lead to cross site scripting. The attack can be launched remotely. The exploit has been made publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.