An issue was discovered in JFinal framework v4.9.10 and below. The "set" method of the "Controller" class of jfinal framework is not strictly filtered, which will lead to XSS vulnerabilities in some cases.
References
Link | Resource |
---|---|
https://github.com/jfinal/jfinal/issues/188 | Exploit Issue Tracking Third Party Advisory |
https://github.com/jfinal/jfinal/issues/188 | Exploit Issue Tracking Third Party Advisory |
Configurations
History
21 Nov 2024, 06:08
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/jfinal/jfinal/issues/188 - Exploit, Issue Tracking, Third Party Advisory |
30 Jun 2021, 20:29
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/jfinal/jfinal/issues/188 - Exploit, Issue Tracking, Third Party Advisory | |
CPE | cpe:2.3:a:jfinal:jfinal:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 6.1 |
CWE | CWE-79 |
24 Jun 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-06-24 15:15
Updated : 2024-11-21 06:08
NVD link : CVE-2021-33348
Mitre link : CVE-2021-33348
CVE.ORG link : CVE-2021-33348
JSON object : View
Products Affected
jfinal
- jfinal
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')