CVE-2024-57771

Name of the Vulnerable Software and Affected Versions JFinalOA versions prior to 2025.01.01

Description A cross-site scripting (XSS) issue in the "common/getEditPage?view" interface allows attackers to execute arbitrary web scripts or HTML via a crafted payload. This could potentially lead to the execution of malicious code on the victim's browser.

Recommendations For versions prior to 2025.01.01, update to version 2025.01.01 or later to resolve the issue. As a temporary workaround, consider restricting access to the "common/getEditPage?view" interface until a patch is applied. Avoid using this interface with untrusted input to minimize the risk of exploitation.