CVE-2021-33348
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-33348
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-33348.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-33348
- Aliases
- Published
- 2021-06-24T15:15:08Z
- Modified
- 2025-07-29T09:57:41.533388Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in JFinal framework v4.9.10 and below. The "set" method of the "Controller" class of jfinal framework is not strictly filtered, which will lead to XSS vulnerabilities in some cases.
- References
Affected packages
Git / github.com/jfinal/jfinal
Affected ranges
- Type
- GIT
- Repo
- https://github.com/jfinal/jfinal
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
jfinal-1.*
jfinal-1.9
jfinal-2.*
jfinal-2.0
jfinal-2.1
jfinal-2.2
jfinal-3.*
jfinal-3.0
jfinal-3.1
jfinal-3.2
jfinal-3.3
jfinal-3.4
jfinal-3.5
jfinal-3.6
jfinal-3.7
jfinal-3.8
jfinal-4.*
jfinal-4.0
jfinal-4.1
jfinal-4.2
jfinal-4.3
jfinal-4.4
jfinal-4.5
jfinal-4.6
jfinal-4.7
jfinal-4.8
jfinal-4.9
jfinal-4.9.02
jfinal-4.9.03
jfinal-4.9.04
jfinal-4.9.05
jfinal-4.9.06
jfinal-4.9.08
jfinal-4.9.09
jfinal-4.9.10