CVE-2023-22975: XSS
First published: Fri Feb 03 2023(Updated: )
A cross-site scripting (XSS) vulnerability in JFinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter under /front/person/profile.html.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jflyfox Jfinal Cms | =5.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for jfinal_cms 5.1.0?
The vulnerability ID for jfinal_cms 5.1.0 is CVE-2023-22975.
What is the severity of CVE-2023-22975?
The severity of CVE-2023-22975 is medium with a CVSS score of 6.1.
What software version is affected by CVE-2023-22975?
The software version affected by CVE-2023-22975 is jfinal_cms 5.1.0.
What is the CWE category of CVE-2023-22975?
The CWE category of CVE-2023-22975 is CWE-79 (Cross-Site Scripting).
Is there a fix available for CVE-2023-22975?
Yes, there is a fix available for CVE-2023-22975. It is recommended to update jfinal_cms to a version that is not vulnerable.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/references
- agent/author
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/event
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/jflyfox
- canonical/jflyfox jfinal cms
- version/jflyfox jfinal cms/5.1.0