CVE-2021-33348
MEDIUM6.1EPSS 0.20%Cross-site scripting in jfinal
發布日:2021/8/13修改日:2023/11/8
描述
An issue was discovered in JFinal framework v4.9.10 and below. The "set" method of the "Controller" class of jfinal framework is not strictly filtered, which will lead to XSS vulnerabilities in some cases.
受影響套件(1)
- Maven/com.jfinal:jfinalfrom 0, < 4.9.11
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |