Description
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module.
Remediation
References
https://github.com/jflyfox/jfinal_cms/issues/45
Related Vulnerabilities
CVE-2022-28157 Vulnerability in maven package com.surenpi.jenkins:phoenix-autotest
CVE-2022-33980 Vulnerability in maven package org.apache.commons:commons-configuration2
CVE-2022-31150 Vulnerability in npm package undici
CVE-2022-21810 Vulnerability in npm package smartctl
CVE-2022-36007 Vulnerability in maven package com.github.jlangch:venice