A vulnerability described as problematic has been identified in heyewei JFinalCMS 5.0.0. This affects an unknown function of the file /admin/admin/save of the component API Endpoint. Executing a manipulation can lead to cross site scripting.
This vulnerability is tracked as CVE-2026-2200. The attack can be launched remotely. Moreover, an exploit is present.
