16 matches found
CVE-2026-36761
The CVE-2026-36761 entry documents a stored XSS vulnerability in JeeSite v5.15.1. The flaw resides in the /msg/msgInner/save endpoint, where crafted input in the msgContent parameter can lead to execution of arbitrary web scripts/HTML. The vulnerability is described with a CVSS v3.1 base score of...
CVE-2026-3404
A flaw has been found in thinkgem JeeSite up to 5.15.1. Impacted is an unknown function of the file /com/jeesite/common/shiro/cas/CasOutHandler.java of the component Endpoint. Executing a manipulation can lead to XML external entity reference. The attack may be performed remotely. Attacks of...
EUVD-2019-1944
Malware in sbrugna...
PT-2025-35512
Name of the Vulnerable Software and Affected Versions: thinkgem JeeSite versions up to 5.12.1. Description: A vulnerability exists in the decodeUrl2 function of the common/src/main/java/com/jeesite/common/codec/EncodeUtils.java file. This allows for cross site scripting, and the attack can be launch...
CVE-2025-7863
A vulnerability was found in thinkgem JeeSite up to 5.12.0 and classified as problematic. Affected by this issue is the function redirectUrl of the file src/main/java/com/jeesite/common/web/http/ServletUtils.java. The manipulation of the argument url leads to open redirect. The attack may be...
CVE-2025-7785
A vulnerability classified as problematic was found in thinkgem JeeSite up to 5.12.0. This vulnerability affects the function sso of the file src/main/java/com/jeesite/modules/sys/web/SsoController.java. The manipulation of the argument redirect leads to open redirect. The attack can be initiated...
CVE-2025-7863
A vulnerability was found in thinkgem JeeSite up to 5.12.0 and classified as problematic. Affected by this issue is the function redirectUrl of the file src/main/java/com/jeesite/common/web/http/ServletUtils.java. The manipulation of the argument url leads to open redirect. The attack may be...
PT-2025-30165
Name of the Vulnerable Software and Affected Versions: thinkgem JeeSite versions up to 5.12.0. Description: An open redirect issue exists in the redirectUrl function located in the file src/main/java/com/jeesite/common/web/http/ServletUtils.java. The manipulation of the url argument can lead to an...
CVE-2025-7785
A vulnerability classified as problematic was found in thinkgem JeeSite up to 5.12.0. This vulnerability affects the function sso of the file src/main/java/com/jeesite/modules/sys/web/SsoController.java. The manipulation of the argument redirect leads to open redirect. The attack can be initiated...
CVE-2025-7785
A vulnerability classified as problematic was found in thinkgem JeeSite up to 5.12.0. This vulnerability affects the function sso of the file src/main/java/com/jeesite/modules/sys/web/SsoController.java. The manipulation of the argument redirect leads to open redirect. The attack can be initiated...
CVE-2025-5186
A vulnerability was found in thinkgem JeeSite up to 5.11.1. It has been rated as critical. Affected by this issue is the function ResourceLoader.getResource of the file /cms/fileTemplate/form of the component URI Scheme Handler. The manipulation of the argument Name leads to server-side request...
CVE-2023-38990
An issue in the delete function in the MenuController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete menus created by the Administrator...
CVE-2023-34601
Jeesite before commit 10742d3 was discovered to contain a SQL injection vulnerability via the component $businessTable at /act/ActDao.xml...
CVE-2023-34601
Jeesite before commit 10742d3 was discovered to contain a SQL injection vulnerability via the component $businessTable at /act/ActDao.xml...
SQL Injection Vulnerability in Jeesite of Jinan Zhuoyuan Software Co. Ltd (CNVD-2020-41723)
JeeSite is an enterprise information technology development infrastructure platform. Jeesite by Jinan Zhuoyuan Software Co., Ltd. suffers from a SQL injection vulnerability, which can be exploited by an attacker to obtain sensitive information from the database...
SQL Injection Vulnerability in Jeesite of Jinan Zhuoyuan Software Co.
JeeSite is an enterprise information technology development infrastructure platform and an open source framework for Java enterprise applications. Jeesite by Jinan Zhuoyuan Software Co., Ltd. has a SQL injection vulnerability that attackers can use to obtain sensitive database information...