Jeesite

Jeesite

20 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2025-7759

Exploit
  • EPSS 0.31%
  • Veröffentlicht 17.07.2025 21:32:06
  • Zuletzt bearbeitet 29.04.2026 01:00:01

A vulnerability was identified in thinkgem JeeSite up to 5.12.0. This vulnerability affects unknown code of the file modules/core/src/main/java/com/jeesite/common/ueditor/ActionEnter.java of the component UEditor Image Grabber. Such manipulation of t...

6.1

CVE-2024-8112

Exploit
  • EPSS 0.45%
  • Veröffentlicht 23.08.2024 15:15:17
  • Zuletzt bearbeitet 12.09.2024 18:23:22

A vulnerability was found in thinkgem JeeSite 5.3. It has been rated as problematic. This issue affects some unknown processing of the file /js/a/login of the component Cookie Handler. The manipulation of the argument skinName leads to cross site scr...

5.4

CVE-2023-38991

Exploit
  • EPSS 0.39%
  • Veröffentlicht 04.08.2023 00:15:13
  • Zuletzt bearbeitet 21.11.2024 08:14:34

An issue in the delete function in the ActModelController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete models created by the Administrator.

4.3

CVE-2023-38990

Exploit
  • EPSS 0.47%
  • Veröffentlicht 02.08.2023 00:15:18
  • Zuletzt bearbeitet 21.11.2024 08:14:34

An issue in the delete function in the MenuController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete menus created by the Administrator.

4.3

CVE-2023-38989

Exploit
  • EPSS 0.34%
  • Veröffentlicht 31.07.2023 18:15:10
  • Zuletzt bearbeitet 21.11.2024 08:14:34

An issue in the delete function in the UserController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete the Administrator's role information.

4.3

CVE-2023-38988

Exploit
  • EPSS 0.38%
  • Veröffentlicht 28.07.2023 21:15:14
  • Zuletzt bearbeitet 21.11.2024 08:14:33

An issue in the delete function in the OaNotifyController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete notifications created by Administrators.

9.8

CVE-2023-34601

Exploit
  • EPSS 0.69%
  • Veröffentlicht 22.06.2023 11:15:09
  • Zuletzt bearbeitet 21.11.2024 08:07:25

Jeesite before commit 10742d3 was discovered to contain a SQL injection vulnerability via the component ${businessTable} at /act/ActDao.xml.

9.8

CVE-2020-19229

Exploit
  • EPSS 1.42%
  • Veröffentlicht 05.04.2022 16:15:10
  • Zuletzt bearbeitet 21.11.2024 05:09:03

Jeesite 1.2.7 uses the apache shiro version 1.2.3 affected by CVE-2016-4437. Because of this version of the java deserialization vulnerability, an attacker could exploit the vulnerability to execute arbitrary commands via the rememberMe parameter.

6.5

CVE-2019-1010201

  • EPSS 1.16%
  • Veröffentlicht 23.07.2019 18:15:14
  • Zuletzt bearbeitet 21.11.2024 04:18:02

Jeesite 1.2.7 is affected by: SQL Injection. The impact is: sensitive information disclosure. The component is: updateProcInsIdByBusinessId() function in src/main/java/com.thinkgem.jeesite/modules/act/ActDao.java has SQL Injection vulnerability. The ...

6.5

CVE-2019-1010202

Exploit
  • EPSS 1.31%
  • Veröffentlicht 23.07.2019 14:15:13
  • Zuletzt bearbeitet 21.11.2024 04:18:03

Jeesite 1.2.7 is affected by: XML External Entity (XXE). The impact is: sensitive information disclosure. The component is: convertToModel() function in src/main/java/com.thinkgem.jeesite/modules/act/service/ActProcessService.java. The attack vector ...