Soumettre #763732: Jeesite v5.15.1 XXEinformation

TitreJeesite v5.15.1 XXE
DescriptionJeesite has an is an XML External Entity (XXE) vulnerability (CWE-611). The endpoint accepts a user-controlled POST parameter logoutRequest, which is parsed as XML without explicit XXE-hardening features (such as disabling DOCTYPE and external entities). As a result, an attacker can supply malicious XML to trigger server-side outbound requests (SSRF behavior), and in some runtime configurations may attempt further entity-based abuse.
La source⚠️ https://www.yuque.com/la12138/pa2fpb/ew8x2qss8dv0bsu0?singleDoc
Utilisateur
 Saul1213 (UID 94577)
Soumission20/02/2026 08:49 (il y a 2 mois)
Modérer01/03/2026 07:55 (9 days later)
StatutAccepté
Entrée VulDB348299 [thinkgem JeeSite jusqu’à 5.15.1 Endpoint CasOutHandler.java XML External Entity]
Points19

PrécédentAperçuSuivant

Might our Artificial Intelligence support you?

Check our Alexa App!