Jfinaloa_project Jfinaloa
11 CVEs affecting Jfinaloa_project Jfinaloa. Latest disclosed: 2025-01-16. Critical: 1, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-57768 | Critical | 9.8 | 2025-01-16 | JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component validRoleKey?sysRole.key. |
| CVE-2024-57775 | High | 8.8 | 2025-01-16 | JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component getWorkFlowHis?insid. |
| CVE-2024-57770 | High | 8.8 | 2025-01-16 | JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component apply/save#oaContractApply.id. |
| CVE-2024-57769 | High | 8.8 | 2025-01-16 | JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component borrowmoney/listData?applyUser. |
| CVE-2021-40645 | Medium | 6.5 | 2022-03-30 | An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter getHaveDoneTaskDataList method of the FlowTaskController. |
| CVE-2023-0758 | Medium | 6.3 | 2023-02-09 | A vulnerability was found in glorylion JFinalOA 1.0.2 and classified as critical. This issue affects some unknown processing of the file src/main/java/com/poin… |
| CVE-2024-57774 | Medium | 4.8 | 2025-01-16 | A cross-site scripting (XSS) vulnerability in the getBusinessUploadListPage?busid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrar… |
| CVE-2024-57773 | Medium | 4.8 | 2025-01-16 | A cross-site scripting (XSS) vulnerability in the openSelectManyUserPage?orgid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary w… |
| CVE-2024-57772 | Medium | 4.8 | 2025-01-16 | A cross-site scripting (XSS) vulnerability in the /bumph/getDraftListPage?type interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary w… |
| CVE-2024-57771 | Medium | 4.8 | 2025-01-16 | A cross-site scripting (XSS) vulnerability in the common/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web sc… |
| CVE-2024-57776 | Medium | 4.6 | 2025-01-16 | A cross-site scripting (XSS) vulnerability in the /apply/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web sc… |