Jfinal_CMS 5.1.0 allows malicious users to use the feedback function to send malicious XSS code to the administrator backend and execute it.
jflyfox jfinal cms 5.1.0