Yukino-Hiki

**Name of the Vulnerable Software and Affected Versions** Jfinalcms version 5.0.0 **Description** A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via a crafted script to the friendship link component. This enables the attacker to perform unauthorized actions on the affected system. **Recommendations** For Jfinalcms version 5.0.0, consider disabling the friendship link component until a patch is available to prevent exploitation. Restrict access to this component to minimize the risk of arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JFinalcms version 5.0.0 **Description** The issue is related to Cross Site Scripting (XSS) in the site management office. This means an attacker could potentially inject malicious scripts into the website, affecting users who visit the site. **Recommendations** For JFinalcms version 5.0.0, update to a version that fixes the Cross Site Scripting (XSS) issue in the site management office. At the moment, there is no information about a newer version that contains a fix for this vulnerability.