CVE-2021-33348

An issue was discovered in JFinal framework v4.9.10 and below. The "set" method of the "Controller" class of jfinal framework is not strictly filtered, which will lead to XSS vulnerabilities in some cases.
References
Link Resource
https://github.com/jfinal/jfinal/issues/188 Exploit Issue Tracking Third Party Advisory
https://github.com/jfinal/jfinal/issues/188 Exploit Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:jfinal:jfinal:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:08

Type Values Removed Values Added
References () https://github.com/jfinal/jfinal/issues/188 - Exploit, Issue Tracking, Third Party Advisory () https://github.com/jfinal/jfinal/issues/188 - Exploit, Issue Tracking, Third Party Advisory

30 Jun 2021, 20:29

Type Values Removed Values Added
References (MISC) https://github.com/jfinal/jfinal/issues/188 - (MISC) https://github.com/jfinal/jfinal/issues/188 - Exploit, Issue Tracking, Third Party Advisory
CPE cpe:2.3:a:jfinal:jfinal:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 4.3
v3 : 6.1
CWE CWE-79

24 Jun 2021, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-06-24 15:15

Updated : 2024-11-21 06:08


NVD link : CVE-2021-33348

Mitre link : CVE-2021-33348

CVE.ORG link : CVE-2021-33348


JSON object : View

Products Affected

jfinal

  • jfinal
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')