CNNVD-202509-030 Information
CNNVD ID
CNNVD-202509-030
Related CVE
- CNNVD Published: 2025-09-01
Description (Chinese)
Thinkgem JeeSite是中国卓源(Thinkgem)公司的一套开源的Java EE企业级快速开发平台。该平台包括系统权限组件、数据权限组件、数据字典组件、核心工具组件、视图操作组件、工作流组件和代码生成组件等。 Thinkgem JeeSite 5.12.1及之前版本存在安全漏洞,该漏洞源于对文件common/src/main/java/com/jeesite/common/codec/EncodeUtils.java中函数decodeUrl2的错误操作导致跨站脚本攻击。
Description (English)
Thinkgem JeeSite is an open-source version of the Java EE enterprise-level rapid development platform of Thinkgem, China. The platform includes the system rights component, the data rights component, the data dictionary component, the core tool component, the view operation component, the workflow component and the code generation component. There is a security loophole in Thinkgem JeeSite 5.12.1 and earlier versions, which stems from the error in the function decodeUrl2 of document Common/src/main/java/com/jeesite/common/code/EncodeUtils.java resulting in a cross-site script attack.
Hazard Level
Critical
Vulnerability Type
其他
Affected Vendor
卓源
Published
2025-09-01
Last Modified
2026-02-24
References
https://vuldb.com/?submit.641125 https://vuldb.com/?id.322111 https://vuldb.com/?ctiid.322111 https://github.com/thinkgem/jeesite5/releases/tag/v5.13.0.springboo3 https://github.com/thinkgem/jeesite5/issues/33#issuecomment-3197374560 https://github.com/thinkgem/jeesite5/issues/33#issue-3330107533 https://github.com/thinkgem/jeesite5/commit/63773c97a56bdb3649510e83b66c16db4754965b https://access.redhat.com/security/cve/cve-2025-9796 https://nvd.nist.gov/vuln/detail/CVE-2025-9796
Patch
https://github.com/thinkgem/jeesite5/releases
Share on: