Headline
GHSA-8rp2-j3vj-hgj4: Cross site scripting in Jfinal
A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request.
Cross site scripting in Jfinal
Moderate severity GitHub Reviewed Published Jun 3, 2022 • Updated Jun 3, 2022
Related news
CVE-2022-29648: There is an xss vulnerability of HTTP header injection storage in jfinal_cms V5.1.0 · Issue #34 · jflyfox/jfinal_cms
A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request.