Security Advisory
CVE-2020-19148
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code via the Nickname parameter in the component /jfinal_cms/front/person/profile.html.