CVE-2023-51254

Name of the Vulnerable Software and Affected Versions Jfinalcms version 5.0.0

Description A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via a crafted script to the friendship link component. This enables the attacker to perform unauthorized actions on the affected system.

Recommendations For Jfinalcms version 5.0.0, consider disabling the friendship link component until a patch is available to prevent exploitation. Restrict access to this component to minimize the risk of arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.