heyewei JFinalCMS API Endpoint save cross site scripting_CVE-2026-2200

4.8 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in heyewei JFinalCMS 5.0.0. This affects an unknown function of the file /admin/admin/save of the component API Endpoint. Executing a manipulation can lead to cross site scripting. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.

Basic Information

ID CVE-2026-2200

Source VulDB

Published Feb 9, 2026 at 01:02

Affected Product

Vendor heyewei

Product JFinalCMS

Version 5.0.0

Affected Versions heyewei JFinalCMS 5.0.0

CWE Classification

CWE-79 CWE-94

References

{
    "lastseen": "",
    "description": "A weakness has been identified in heyewei JFinalCMS 5.0.0. This affects an unknown function of the file /admin/admin/save of the component API Endpoint. Executing a manipulation can lead to cross site scripting. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.",
    "published": "2026-02-09T01:02:05.911Z",
    "modified": "2026-02-09T01:02:05.911Z",
    "type": "cve",
    "title": "heyewei JFinalCMS API Endpoint save cross site scripting",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.344903\nhttps://vuldb.com/?ctiid.344903\nhttps://vuldb.com/?submit.750098\nhttps://github.com/zh-010/my_cve/blob/main/heyewei%20JFinalCMS%20XSS.md",
    "id": "CVE-2026-2200",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79",
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "heyewei JFinalCMS 5.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "JFinalCMS",
    "version": "5.0.0",
    "vendor": "heyewei",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}