{"id":6890,"date":"2025-06-16T00:07:04","date_gmt":"2025-06-16T00:07:04","guid":{"rendered":"http:\/\/localhost\/?p=6890"},"modified":"2025-06-16T00:07:04","modified_gmt":"2025-06-16T00:07:04","slug":"jflyfox-jfinalcms-homejava-cross-site-request-forgery","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=6890","title":{"rendered":"jflyfox jfinal_cms HOME.java cross-site request forgery"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\njflyfox jfinal_cms HOME.java cross-site request forgery<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-06-16T04:00:09.744Z<\/td>\n<\/tr>\n
Last Seen<\/th>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\njflyfox<\/td>\n<\/tr>\n
Product<\/th>\njfinal_cms<\/td>\n<\/tr>\n
Version<\/th>\n5.0.1<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n\n\n\n
Base Score<\/th>\n5.3 (MEDIUM)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:N\/UI:P\/VC:N\/VI:L\/VA:N\/SC:N\/SI:N\/SA:N\/E:P<\/td>\n<\/tr>\n
Confidentiality Impact<\/th>\n<\/td>\n<\/tr>\n
Integrity Impact<\/th>\n<\/td>\n<\/tr>\n
Availability Impact<\/th>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nA cross-site request forgery (CSRF) vulnerability in jflyfox jfinal_cms 5.0.1 allows remote attackers to trick users into performing unintended actions, such as logging out, by manipulating the Logout argument in the HOME.java file. The vendor was notified but did not respond.<\/td>\n<\/tr>\n
AI Severity<\/th>\nMedium<\/td>\n<\/tr>\n
Vendor<\/th>\njflyfox<\/td>\n<\/tr>\n
Product<\/th>\njfinal_cms<\/td>\n<\/tr>\n
Affected Version<\/th>\n5.0.1<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n