thinkgem JeeSite EncodeUtils.java decodeUrl2 cross site scripting_CVE-2025-9796

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in thinkgem JeeSite up to 5.12.1. This affects the function decodeUrl2 of the file common/src/main/java/com/jeesite/common/codec/EncodeUtils.java. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upgrading to version 5.13.0 mitigates this issue. The patch is identified as 63773c97a56bdb3649510e83b66c16db4754965b. Upgrading the affected component is recommended.

Basic Information

ID CVE-2025-9796

Source VulDB

Published Sep 1, 2025 at 21:32

Affected Product

Vendor thinkgem

Product JeeSite

Version 5.12.0

Affected Versions thinkgem JeeSite 5.12.0
thinkgem JeeSite 5.12.1

CWE Classification

CWE-79 CWE-94

References

{
    "lastseen": "",
    "description": "A vulnerability was found in thinkgem JeeSite up to 5.12.1. This affects the function decodeUrl2 of the file common/src/main/java/com/jeesite/common/codec/EncodeUtils.java. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upgrading to version 5.13.0 mitigates this issue. The patch is identified as 63773c97a56bdb3649510e83b66c16db4754965b. Upgrading the affected component is recommended.",
    "published": "2025-09-01T21:32:08.508Z",
    "modified": "2025-09-01T21:32:08.508Z",
    "type": "cve",
    "title": "thinkgem JeeSite EncodeUtils.java decodeUrl2 cross site scripting",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.322111\nhttps://vuldb.com/?ctiid.322111\nhttps://vuldb.com/?submit.641125\nhttps://github.com/thinkgem/jeesite5/issues/33\nhttps://github.com/thinkgem/jeesite5/issues/33#issuecomment-3197374560\nhttps://github.com/thinkgem/jeesite5/issues/33#issue-3330107533\nhttps://github.com/thinkgem/jeesite5/commit/63773c97a56bdb3649510e83b66c16db4754965b\nhttps://github.com/thinkgem/jeesite5/releases/tag/v5.13.0.springboo3",
    "id": "CVE-2025-9796",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79",
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "thinkgem JeeSite 5.12.0\nthinkgem JeeSite 5.12.1",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "JeeSite",
    "version": "5.12.0",
    "vendor": "thinkgem",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}