CVE-2022-29648: XSS
First published: Thu Jun 02 2022(Updated: )
A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jflyfox Jfinal Cms | =5.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-29648?
The severity of CVE-2022-29648 is medium with a CVSS score of 5.4.
How does the cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 affect users?
The cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request.
Which version of Jfinal CMS is affected by CVE-2022-29648?
Jfinal CMS v5.1.0 is affected by CVE-2022-29648.
Is there a known fix for the cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0?
At the moment, there is no known fix for the cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0. It is recommended to stay updated with the latest security patches and monitor for any official announcements from the vendor.
Where can I find more information about CVE-2022-29648?
You can find more information about CVE-2022-29648 at the following link: https://github.com/jflyfox/jfinal_cms/issues/34
- collector/nvd-index
- agent/type
- vendor/jflyfox
- canonical/jflyfox jfinal cms
- version/jflyfox jfinal cms/5.1.0