← voltar
CVE-2025-9796

thinkgem JeeSite EncodeUtils.java decodeUrl2 cross site scripting

CVSS 5.1 MEDIUMEPSS 0.3%CWE-79CWE-94
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 5.1EPSS 0.3%KEV nãoPoC Patch referenciado
Ciclo de vida
01 set 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A vulnerability was found in thinkgem JeeSite up to 5.12.1. This affects the function decodeUrl2 of the file common/src/main/java/com/jeesite/common/codec/EncodeUtils.java. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upgrading to version 5.13.0 mitigates this issue. The patch is identified as 63773c97a56bdb3649510e83b66c16db4754965b. Upgrading the affected component is recommended.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
Produtos afetados
thinkgem · JeeSite

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/thinkgem/jeesite5/commit/63773c97a56bdb3649510e83b66c16db4754965bhttps://github.com/thinkgem/jeesite5/issues/33https://github.com/thinkgem/jeesite5/issues/33#issue-3330107533https://github.com/thinkgem/jeesite5/issues/33#issuecomment-3197374560https://github.com/thinkgem/jeesite5/releases/tag/v5.13.0.springboo3https://vuldb.com/?ctiid.322111https://vuldb.com/?id.322111https://vuldb.com/?submit.641125