CVE-2023-49376: CSRF
First published: Tue Dec 05 2023(Updated: )
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/delete.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| maven/com.jfinal:jfinal | <=5.0.0 | |
| JFinalCMS | =5.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-49376?
The severity of CVE-2023-49376 is high with a score of 8.8.
How does JFinalCMS v5.0.0 in the affected software?
JFinalCMS v5.0.0 is affected by a Cross-Site Request Forgery (CSRF) vulnerability.
What is the vulnerability ID for JFinalCMS v5.0.0?
The vulnerability ID for JFinalCMS v5.0.0 is CVE-2023-49376.
What is the CWE for CVE-2023-49376?
The CWE for CVE-2023-49376 is CWE-352.
How do I fix the Cross-Site Request Forgery (CSRF) vulnerability in JFinalCMS v5.0.0?
To fix the CSRF vulnerability in JFinalCMS v5.0.0, update to the latest version of JFinalCMS and apply any available patches or security updates.
- collector/github-advisory-latest
- alias/GHSA-w492-7g9m-j2ww
- alias/CVE-2023-49376
- collector/github-advisory
- agent/author
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-cve
- package-manager/maven
- vendor/jfinalcms project
- canonical/jfinalcms
- version/jfinalcms/5.0.0