thinkgem JeeSite
Moderate fix1 remedy
cpe:2.3:a:jeesite:jeesite:*:*:*:*:*:*:*
Moderate fix1 remedy
- <= 5.12.1
thinkgem JeeSite Cross-Site Scripting Vulnerability in EncodeUtils.java
Vulnerability
Patched
A cross-site scripting (XSS) vulnerability has been identified in thinkgem JeeSite versions prior to 5.12.1. The issue resides in the 'decodeUrl2' function of 'EncodeUtils.java', where improper input sanitization allows for the injection of malicious scripts. This vulnerability can be exploited remotely, requiring user interaction.
Impact
Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.
Reproduction
To reproduce this vulnerability, upload a payload that includes an XSS vector, such as an 'embed' tag with a 'data' URL, to a field that is processed by the 'decodeUrl2' function. The injected script will be executed when the data is viewed.
Remediation
Users are advised to upgrade to JeeSite version 5.13.0, which addresses this vulnerability.
Added: Sep 1, 2025, 10:23 PM
Updated: Sep 1, 2025, 10:23 PM
Vulnerability Rating
Custom Algorithm
spread
0.8impact
1.7exploitability
6.3remediation
7.7relevance
0.4threat
6.4urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.