CVE-2025-7865: Cross Site Scripting in thinkgem JeeSite
A vulnerability was found in thinkgem JeeSite up to 5.12.0. It has been declared as problematic. This vulnerability affects the function xssFilter of the file src/main/java/com/jeesite/common/codec/EncodeUtils.java of the component XSS Filter. The manipulation of the argument text leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 3585737d21fe490ff6948d913fcbd8d99c41fc08. It is recommended to apply a patch to fix this issue.
CVE-2025-7865: Cross Site Scripting in thinkgem JeeSite
Description
A vulnerability was found in thinkgem JeeSite up to 5.12.0. It has been declared as problematic. This vulnerability affects the function xssFilter of the file src/main/java/com/jeesite/common/codec/EncodeUtils.java of the component XSS Filter. The manipulation of the argument text leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 3585737d21fe490ff6948d913fcbd8d99c41fc08. It is recommended to apply a patch to fix this issue.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- VulDB
- Date Reserved
- 2025-07-19T04:17:17.052Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 687c62fca83201eaac00bf96
Added to database: 7/20/2025, 3:31:08 AM
Last updated: 7/20/2025, 3:31:08 AM
Views: 1
Related Threats
CVE-2025-7864: Unrestricted Upload in thinkgem JeeSite
MediumCVE-2025-7863: Open Redirect in thinkgem JeeSite
MediumCVE-2025-7862: Missing Authentication in TOTOLINK T6
MediumCVE-2025-54314: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in rubyonrails Thor
LowCVE-2025-7861: SQL Injection in code-projects Church Donation System
MediumActions
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.