إرسال #763732: Jeesite v5.15.1 XXEالمعلومات

عنوانJeesite v5.15.1 XXE
الوصفJeesite has an is an XML External Entity (XXE) vulnerability (CWE-611). The endpoint accepts a user-controlled POST parameter logoutRequest, which is parsed as XML without explicit XXE-hardening features (such as disabling DOCTYPE and external entities). As a result, an attacker can supply malicious XML to trigger server-side outbound requests (SSRF behavior), and in some runtime configurations may attempt further entity-based abuse.
المصدر⚠️ https://www.yuque.com/la12138/pa2fpb/ew8x2qss8dv0bsu0?singleDoc
المستخدم
 Saul1213 (UID 94577)
ارسال20/02/2026 08:49 AM (2 أشهر منذ)
الاعتدال01/03/2026 07:55 AM (9 days later)
الحالةتمت الموافقة
إدخال VulDB348299 [thinkgem JeeSite حتى 5.15.1 Endpoint CasOutHandler.java XML External Entity]
النقاط19

التالي نظرة عامة السابق

Might our Artificial Intelligence support you?

Check our Alexa App!