Arbitrary Web Script Execution in Jfinal CMS v5.1.0 via Crafted Payload in Post Title Field

CVE-2022-36527 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module.