CVE-2023-49486

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Dec 8, 2023

Updated: Dec 12, 2023

CWE ID 79

Summary

CVE-2023-49486 is a newly disclosed cross-site scripting (XSS) vulnerability affecting JFinalCMS version 5.0.0. An attacker can exploit this issue by injecting malicious scripts into the model management department of the affected CMS, potentially gaining the ability to steal user data or take control of user sessions. Successful exploitation of this vulnerability could lead to significant security risks for organizations using JFinalCMS version 5.0.0. It is recommended that users immediately update their systems to the latest available version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tlEwQq
https://www.cve.org/CVERecord?id=CVE-2023-49486
https://nvd.nist.gov/vuln/detail/CVE-2023-49486

Back to Vulnerability Database

CVE-2023-49486

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations