CVE-2021-33348: Cross-site Scripting

June 24, 2021 (updated June 30, 2021)

An issue was discovered in JFinal framework v4.9.10. The set method of the Controller class of jfinal framework is not strictly filtered, which will lead to XSS vulnerabilities in some cases.

References

github.com/jfinal/jfinal/issues/188
nvd.nist.gov/vuln/detail/CVE-2021-33348

Detect and mitigate CVE-2021-33348 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →