PT-2023-19764 · Jfinalcms · Jfinalcms
Threonic · Published 2023-04-05 · Updated 2025-02-13 · CVE-2023-24747
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Jfinal CMS version 5.1
Description
A cross-site scripting (XSS) issue was found in Jfinal CMS via the component "/system/dict/list". This component is an API endpoint that is susceptible to XSS attacks.
Recommendations
For Jfinal CMS version 5.1, consider disabling access to the "/system/dict/list" API endpoint until a patch is available. Restrict input to this endpoint to minimize the risk of exploitation.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Jfinalcms