Soumettre #618189: JeeSite https://github.com/thinkgem/jeesite5 <=5.12.0 Dangerous type of file upload (CWE-434)information

TitreJeeSite https://github.com/thinkgem/jeesite5 <=5.12.0 Dangerous type of file upload (CWE-434)
DescriptionThe endpoint /js/a/file/upload allows user uploads PDF file without sanitizer lead to Stored XSS.
La source⚠️ https://github.com/thinkgem/jeesite5/issues/31
Utilisateur
 ZAST.AI (UID 87884)
Soumission18/07/2025 05:44 (il y a 9 mois)
Modérer19/07/2025 06:17 (1 day later)
StatutAccepté
Entrée VulDB316977 [thinkgem JeeSite jusqu’à 5.12.0 FileUploadController.java upload élévation de privilèges]
Points14

PrécédentAperçuSuivant

Interested in the pricing of exploits?

See the underground prices here!