CVE-2021-33348 – com.jfinal:jfinal
Package
Manager: maven
Name: com.jfinal:jfinal
Vulnerable Version: >=0 <4.9.11
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00201 (percentile: 0.42383)
Details
Cross-site scripting in jfinal
An issue was discovered in the JFinal framework v4.9.10 and below. The "set" method of the "Controller" class of the JFinal framework is not strictly filtered, which can lead to XSS vulnerabilities in some cases.
Metadata
Created: 2021-08-13T15:22:14Z
Modified: 2021-07-01T21:48:01Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-2c25-xfpq-8w9r/GHSA-2c25-xfpq-8w9r.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-2c25-xfpq-8w9r
Finding: F425
Auto approve: 1