I8Vhgrjfinal

**Name of the Vulnerable Software and Affected Versions** JFinalCMS versions up to 20240111 **Description** A problem was found in the processing of the file /admin/template, where the manipulation of the `directory` argument leads to cross-site scripting. This issue can be exploited remotely. **Recommendations** For versions up to 20240111, as a temporary workaround, consider restricting access to the /admin/template file until a patch is available. Avoid using the `directory` argument in the affected processing until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.