thinkgem JeeSite
Moderate fix1 remedy
cpe:2.3:a:jeesite:jeesite:*:*:*:*:*:*:*
Moderate fix1 remedy
- <= 5.12.0
thinkgem JeeSite Open Redirect Vulnerability in ServletUtils
Vulnerability
An open redirect vulnerability has been identified in thinkgem JeeSite versions through 5.12.0. The issue arises in the `redirectUrl` function within `ServletUtils.java`, where user-controlled URL parameters are not properly validated, allowing for arbitrary redirection. This vulnerability can be exploited remotely, potentially leading to phishing attacks by misdirecting users to malicious sites.
Impact
Exploitation of this vulnerability allows for open redirection, where users can be sent to an external site of the attacker's choosing. This could be used in conjunction with other attacks, such as phishing.
Reproduction
To reproduce this vulnerability, send a request to the `/js/lang/cn` endpoint with a `url` parameter containing the desired redirect URL. The application will redirect the user to the specified URL, bypassing any security checks.
Remediation
Users are advised to update to the latest version of thinkgem JeeSite, where this vulnerability has been patched.
Added: Jul 20, 2025, 3:25 AM
Updated: Jul 20, 2025, 3:25 AM
Vulnerability Rating
Custom Algorithm
spread
0.8impact
0.6exploitability
7.7remediation
7.7relevance
0.3threat
6.4urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.