CVE-2026-2200 PUBLISHED

A weakness has been identified in heyewei JFinalCMS 5.0.0. This affects an unknown function of the file /admin/admin/save of the component API Endpoint. Executing a manipulation can lead to cross site scripting. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.

• chonger123 (VulDB User) reporter

• VDB-344903 | heyewei JFinalCMS API Endpoint save cross site scripting
• VDB-344903 | CTI Indicators (IOB, IOC, TTP, IOA)
• Submit #750098 | heyewei heyewei JFinalcms 5.0.0 Improper Neutralization of Input During Web Page Generation
• https://github.com/zh-010/my_cve/blob/main/heyewei%20JFinalCMS%20XSS.md

• Cross Site Scripting CWE
• Code Injection CWE