PT-2022-18229 · Jfinalcms · Jfinalcms

Published

2022-04-11

Updated

2022-04-15

CVE-2022-27111

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Jfinal CMS version 5.1.0

Description The issue allows attackers to use the feedback function to send malicious XSS code to the administrator backend and execute it. This can potentially lead to unauthorized access or control of the administrator backend.

Recommendations For Jfinal CMS version 5.1.0, consider disabling the feedback function until a patch is available to prevent the execution of malicious XSS code. Restrict access to the administrator backend to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2022-27111

Affected Products

Jfinalcms

PT-2022-18229 · Jfinalcms · Jfinalcms

CVE-2022-27111

Weakness Enumeration

Related Identifiers

Affected Products

References · 5