jeesite5 <=5.12.0 Dangerous type of file upload (CWE-434)info

Titel	JeeSite https://github.com/thinkgem/jeesite5 <=5.12.0 Dangerous type of file upload (CWE-434)
Beschreibung	The endpoint /js/a/file/upload allows user uploads PDF file without sanitizer lead to Stored XSS.
Quelle	⚠️ https://github.com/thinkgem/jeesite5/issues/31
Benutzer	ZAST.AI (UID 87884)
Einreichung	18.07.2025 05:44 (vor 9 Monaten)
Moderieren	19.07.2025 06:17 (1 day later)
Status	Akzeptiert
VulDB Eintrag	316977 [thinkgem JeeSite bis 5.12.0 FileUploadController.java upload erweiterte Rechte]
Punkte	14

Interested in the pricing of exploits?

See the underground prices here!