Jeesite

Jeesite

12 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2026-3405

Exploit
  • EPSS 0.12%
  • Veröffentlicht 02.03.2026 02:02:13
  • Zuletzt bearbeitet 03.03.2026 19:46:56

A vulnerability has been found in thinkgem JeeSite up to 5.15.1. The affected element is an unknown function of the component Connection Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The attack is ...

4.1

CVE-2025-9796

Exploit
  • EPSS 0.04%
  • Veröffentlicht 01.09.2025 21:32:08
  • Zuletzt bearbeitet 04.09.2025 16:54:57

A vulnerability was found in thinkgem JeeSite up to 5.12.1. This affects the function decodeUrl2 of the file common/src/main/java/com/jeesite/common/codec/EncodeUtils.java. The manipulation results in cross site scripting. It is possible to launch th...

8.8

CVE-2025-7759

Exploit
  • EPSS 0.09%
  • Veröffentlicht 17.07.2025 21:32:06
  • Zuletzt bearbeitet 20.10.2025 09:15:33

A vulnerability was identified in thinkgem JeeSite up to 5.12.0. This vulnerability affects unknown code of the file modules/core/src/main/java/com/jeesite/common/ueditor/ActionEnter.java of the component UEditor Image Grabber. Such manipulation of t...

6.1

CVE-2024-8112

Exploit
  • EPSS 0.13%
  • Veröffentlicht 23.08.2024 15:15:17
  • Zuletzt bearbeitet 12.09.2024 18:23:22

A vulnerability was found in thinkgem JeeSite 5.3. It has been rated as problematic. This issue affects some unknown processing of the file /js/a/login of the component Cookie Handler. The manipulation of the argument skinName leads to cross site scr...

5.4

CVE-2023-38991

Exploit
  • EPSS 0.04%
  • Veröffentlicht 04.08.2023 00:15:13
  • Zuletzt bearbeitet 21.11.2024 08:14:34

An issue in the delete function in the ActModelController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete models created by the Administrator.

4.3

CVE-2023-38990

Exploit
  • EPSS 0.17%
  • Veröffentlicht 02.08.2023 00:15:18
  • Zuletzt bearbeitet 21.11.2024 08:14:34

An issue in the delete function in the MenuController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete menus created by the Administrator.

4.3

CVE-2023-38989

Exploit
  • EPSS 0.05%
  • Veröffentlicht 31.07.2023 18:15:10
  • Zuletzt bearbeitet 21.11.2024 08:14:34

An issue in the delete function in the UserController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete the Administrator's role information.

4.3

CVE-2023-38988

Exploit
  • EPSS 0.06%
  • Veröffentlicht 28.07.2023 21:15:14
  • Zuletzt bearbeitet 21.11.2024 08:14:33

An issue in the delete function in the OaNotifyController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete notifications created by Administrators.

9.8

CVE-2023-34601

Exploit
  • EPSS 0.06%
  • Veröffentlicht 22.06.2023 11:15:09
  • Zuletzt bearbeitet 21.11.2024 08:07:25

Jeesite before commit 10742d3 was discovered to contain a SQL injection vulnerability via the component ${businessTable} at /act/ActDao.xml.

9.8

CVE-2020-19229

Exploit
  • EPSS 0.35%
  • Veröffentlicht 05.04.2022 16:15:10
  • Zuletzt bearbeitet 21.11.2024 05:09:03

Jeesite 1.2.7 uses the apache shiro version 1.2.3 affected by CVE-2016-4437. Because of this version of the java deserialization vulnerability, an attacker could exploit the vulnerability to execute arbitrary commands via the rememberMe parameter.