Qq87234770

**Name of the Vulnerable Software and Affected Versions** Jfinal CMS version 5.1.0 **Description** A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted `X-Forwarded-For` request. This enables attackers to potentially inject malicious code into websites, affecting user sessions. **Recommendations** For Jfinal CMS version 5.1.0, update to a version that fixes this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.