CVE-2024-57773

Name of the Vulnerable Software and Affected Versions JFinalOA versions prior to 2025.01.01

Description A cross-site scripting (XSS) issue in the openSelectManyUserPage?orgid interface of JFinalOA allows attackers to execute arbitrary web scripts or HTML via a crafted payload. This enables the execution of malicious scripts, potentially leading to unauthorized actions on the affected system.

Recommendations For versions prior to 2025.01.01, update to version 2025.01.01 or later to resolve the issue. As a temporary workaround, consider restricting access to the openSelectManyUserPage?orgid interface until a patch is applied. Avoid using the interface with untrusted input to minimize the risk of exploitation.