All 10 CVE vulnerabilities found in JFinalCMS, with AI-generated Chinese analysis, references, and POCs.
Vendor: heyewei
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-2200 | heyewei JFinalCMS API Endpoint save cross site scripting CWE-79 | 2.4 | Low | 2026-02-09 |
| CVE-2024-12351 | JFinalCMS File Content ContentModel.java findPage sql injection CWE-89 | 6.3 | Medium | 2024-12-09 |
| CVE-2024-12350 | JFinalCMS Template TemplateController.java update command injection CWE-77 | 6.3 | Medium | 2024-12-09 |
| CVE-2024-12349 | JFinalCMS save cross-site request forgery CWE-352 | 4.3 | Medium | 2024-12-09 |
| CVE-2024-8782 | JFinalCMS edit delete path traversal CWE-22 | 6.3 | Medium | 2024-09-13 |
| CVE-2024-8706 | JFinalCMS com.cms.util.TemplateUtils update path traversal CWE-22 | 4.3 | Medium | 2024-09-11 |
| CVE-2024-8694 | JFinalCMS com.cms.controller.admin.TemplateController update path traversal CWE-22 | 3.8 | Low | 2024-09-11 |
| CVE-2024-5379 | JFinalCMS template cross site scripting CWE-79 | 3.5 | Low | 2024-05-26 |
| CVE-2024-5310 | JFinalCMS content cross site scripting CWE-79 | 2.4 | Low | 2024-05-24 |
| CVE-2024-2568 | heyewei JFinalCMS Custom Data Page sql injection CWE-89 | 4.7 | Medium | 2024-03-17 |
All 10 known CVE vulnerabilities affecting JFinalCMS with full Chinese analysis, references, and POCs where available.