Jfinal CMS v5.1 exists to contain a cross-site scripting (XSS) vulnerability via the component /system/dict/list.
jflyfox jfinal cms 5.1