A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| com.jfinal:jfinal(Maven) | 0 | N/A | N/A |
CVSS Metrics
