logo_clicknbuy.png

CVE-2025-9796 – JeeSite Thinkgem Cross-Site Scripting Vulnerability

The following table lists the changes that have been made to the
CVE-2025-9796 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received
    by [email protected]

    Sep. 01, 2025

    Action Type Old Value New Value
    Added Description A vulnerability was found in thinkgem JeeSite up to 5.12.1. This affects the function decodeUrl2 of the file common/src/main/java/com/jeesite/common/codec/EncodeUtils.java. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upgrading to version 5.13.0 mitigates this issue. The patch is identified as 63773c97a56bdb3649510e83b66c16db4754965b. Upgrading the affected component is recommended.
    Added CVSS V4.0 AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
    Added CVSS V3.1 AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
    Added CVSS V2 (AV:N/AC:L/Au:S/C:N/I:P/A:N)
    Added CWE CWE-79
    Added CWE CWE-94
    Added Reference https://github.com/thinkgem/jeesite5/commit/63773c97a56bdb3649510e83b66c16db4754965b
    Added Reference https://github.com/thinkgem/jeesite5/issues/33
    Added Reference https://github.com/thinkgem/jeesite5/issues/33#issue-3330107533
    Added Reference https://github.com/thinkgem/jeesite5/issues/33#issuecomment-3197374560
    Added Reference https://github.com/thinkgem/jeesite5/releases/tag/v5.13.0.springboo3
    Added Reference https://vuldb.com/?ctiid.322111
    Added Reference https://vuldb.com/?id.322111
    Added Reference https://vuldb.com/?submit.641125
Share the Post:

Related Posts