com.jfinal:jfinal@4.9.09 vulnerabilities
- latest version: 5.1.7
- first published: 11 years ago
- latest version published: 2 months ago
- licenses detected: [1.4,)
- package manager
Direct Vulnerabilities
Known vulnerabilities in the com.jfinal:jfinal package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
com.jfinal:jfinal is JFinal, a simple, light, rapid, independent, extensible Java WEB + ORM framework. JFinal's features resemble Ruby on Rails, especially ActiveRecord. Affected versions of this package are vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') via the site management office. An attacker can inject malicious scripts that may be executed in the context of the user's browser session by submitting crafted input to the affected component. How to fix Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')? There is no fixed version for | [0,) |
Affected versions of this package are vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') via the Label management editing feature. An attacker can inject and execute arbitrary script code in the context of the user's browser session by submitting a crafted payload through the editing interface. How to fix Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')? There is no fixed version for | [0,) |
Affected versions of this package are vulnerable to Cross-site Scripting (XSS). An attacker can inject malicious scripts that may be executed in the context of the user's browser session by submitting crafted input. How to fix Cross-site Scripting (XSS)? There is no fixed version for | [0,) |
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the carousel image editing feature. An attacker can inject malicious scripts that may be executed in the context of the user's browser by submitting crafted input. How to fix Cross-site Scripting (XSS)? There is no fixed version for | [0,) |
Affected versions of this package are vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') via the How to fix Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')? There is no fixed version for | [0,) |
Affected versions of this package are vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') via the navigation management department. An attacker can inject malicious scripts that may be executed in the context of the user's browser by submitting crafted input to the affected component. How to fix Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')? There is no fixed version for | [0,) |
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the model management department. An attacker can inject malicious scripts that may be executed in the context of the user's browser session. How to fix Cross-site Scripting (XSS)? There is no fixed version for | [0,) |
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the column management functionality. An attacker can inject and execute arbitrary script code in the context of the user's browser session by submitting crafted input. How to fix Cross-site Scripting (XSS)? There is no fixed version for | [0,) |
Affected versions of this package are vulnerable to Cross-Site Request Forgery (CSRF) via the How to fix Cross-Site Request Forgery (CSRF)? There is no fixed version for | [0,) |
Affected versions of this package are vulnerable to Cross-Site Request Forgery (CSRF) via the How to fix Cross-Site Request Forgery (CSRF)? There is no fixed version for | [0,) |
Affected versions of this package are vulnerable to Cross-Site Request Forgery (CSRF) via the component How to fix Cross-Site Request Forgery (CSRF)? There is no fixed version for | [0,) |
Affected versions of this package are vulnerable to Cross-Site Request Forgery (CSRF) via the How to fix Cross-Site Request Forgery (CSRF)? There is no fixed version for | [0,) |
Affected versions of this package are vulnerable to Cross-Site Request Forgery (CSRF) via the How to fix Cross-Site Request Forgery (CSRF)? There is no fixed version for | [0,) |
Affected versions of this package are vulnerable to Cross-Site Request Forgery (CSRF) via the How to fix Cross-Site Request Forgery (CSRF)? There is no fixed version for | [0,) |
Affected versions of this package are vulnerable to Cross-Site Request Forgery (CSRF) via the How to fix Cross-Site Request Forgery (CSRF)? There is no fixed version for | [0,) |
Affected versions of this package are vulnerable to Cross-Site Request Forgery (CSRF) via the How to fix Cross-Site Request Forgery (CSRF)? There is no fixed version for | [0,) |
Affected versions of this package are vulnerable to Cross-Site Request Forgery (CSRF) via the How to fix Cross-Site Request Forgery (CSRF)? There is no fixed version for | [0,) |
Affected versions of this package are vulnerable to Cross-Site Request Forgery (CSRF) via the How to fix Cross-Site Request Forgery (CSRF)? There is no fixed version for | [0,) |
Affected versions of this package are vulnerable to Cross-Site Request Forgery (CSRF) via a specially crafted request to the How to fix Cross-Site Request Forgery (CSRF)? There is no fixed version for | [0,) |
Affected versions of this package are vulnerable to Cross-Site Request Forgery (CSRF) via the How to fix Cross-Site Request Forgery (CSRF)? There is no fixed version for | [0,) |
Affected versions of this package are vulnerable to Cross-Site Request Forgery (CSRF) via the How to fix Cross-Site Request Forgery (CSRF)? There is no fixed version for | [0,) |
Affected versions of this package are vulnerable to Cross-Site Request Forgery (CSRF) via the How to fix Cross-Site Request Forgery (CSRF)? There is no fixed version for | [0,) |
Affected versions of this package are vulnerable to Cross-Site Request Forgery (CSRF) via the How to fix Cross-Site Request Forgery (CSRF)? There is no fixed version for | [0,) |
Affected versions of this package are vulnerable to Cross-Site Request Forgery (CSRF) via the How to fix Cross-Site Request Forgery (CSRF)? There is no fixed version for | [0,) |
Affected versions of this package are vulnerable to Cross-Site Request Forgery (CSRF) via the How to fix Cross-Site Request Forgery (CSRF)? There is no fixed version for | [0,) |
Affected versions of this package are vulnerable to Cross-Site Request Forgery (CSRF) via the How to fix Cross-Site Request Forgery (CSRF)? There is no fixed version for | [0,) |
Affected versions of this package are vulnerable to Arbitrary Code Execution via the How to fix Arbitrary Code Execution? There is no fixed version for | [0,) |
Affected versions of this package are vulnerable to Deserialization of Untrusted Data. A deserialization vulnerability exists when using Redis, which may lead to code execution. How to fix Deserialization of Untrusted Data? There is no fixed version for | [0,) |
Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The How to fix Cross-site Scripting (XSS)? There is no fixed version for | [0,) |