CVE-2020-19148 – Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and earlier allows remote attackers to exe …

Vuln ID: CVE-2020-19148

Published:  2021-09-15  14:15:08Z

Description: Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code via the ‘Nickname’ parameter in the component ‘/jfinal_cms/front/person/profile.html’.

Source: NVD.NIST.GOV