Jfinaloa_project Jfinaloa

11 CVEs affecting Jfinaloa_project Jfinaloa. Latest disclosed: 2025-01-16. Critical: 1, High: 3.

Top CVEs affecting Jfinaloa_project Jfinaloa
CVESeverityScorePublishedSummary
CVE-2024-57768Critical9.82025-01-16JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component validRoleKey?sysRole.key.
CVE-2024-57775High8.82025-01-16JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component getWorkFlowHis?insid.
CVE-2024-57770High8.82025-01-16JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component apply/save#oaContractApply.id.
CVE-2024-57769High8.82025-01-16JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component borrowmoney/listData?applyUser.
CVE-2021-40645Medium6.52022-03-30An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter getHaveDoneTaskDataList method of the FlowTaskController.
CVE-2023-0758Medium6.32023-02-09A vulnerability was found in glorylion JFinalOA 1.0.2 and classified as critical. This issue affects some unknown processing of the file src/main/java/com/poin…
CVE-2024-57774Medium4.82025-01-16A cross-site scripting (XSS) vulnerability in the getBusinessUploadListPage?busid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrar…
CVE-2024-57773Medium4.82025-01-16A cross-site scripting (XSS) vulnerability in the openSelectManyUserPage?orgid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary w…
CVE-2024-57772Medium4.82025-01-16A cross-site scripting (XSS) vulnerability in the /bumph/getDraftListPage?type interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary w…
CVE-2024-57771Medium4.82025-01-16A cross-site scripting (XSS) vulnerability in the common/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web sc…
CVE-2024-57776Medium4.62025-01-16A cross-site scripting (XSS) vulnerability in the /apply/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web sc…