jeesite5 <=5.12.0 Dangerous type of file upload (CWE-434)información

Título	JeeSite https://github.com/thinkgem/jeesite5 <=5.12.0 Dangerous type of file upload (CWE-434)
Descripción	The endpoint /js/a/file/upload allows user uploads PDF file without sanitizer lead to Stored XSS.
Fuente	⚠️ https://github.com/thinkgem/jeesite5/issues/31
Usuario	ZAST.AI (UID 87884)
Sumisión	2025-07-18 05:44 (hace 9 meses)
Moderación	2025-07-19 06:17 (1 day later)
Estado	Aceptado
Entrada de VulDB	316977 [thinkgem JeeSite hasta 5.12.0 FileUploadController.java upload escalada de privilegios]
Puntos	14

Want to know what is going to be exploited?

We predict KEV entries!