제출 #763732: Jeesite v5.15.1 XXE정보

제목Jeesite v5.15.1 XXE
설명Jeesite has an is an XML External Entity (XXE) vulnerability (CWE-611). The endpoint accepts a user-controlled POST parameter logoutRequest, which is parsed as XML without explicit XXE-hardening features (such as disabling DOCTYPE and external entities). As a result, an attacker can supply malicious XML to trigger server-side outbound requests (SSRF behavior), and in some runtime configurations may attempt further entity-based abuse.
원천⚠️ https://www.yuque.com/la12138/pa2fpb/ew8x2qss8dv0bsu0?singleDoc
사용자
 Saul1213 (UID 94577)
제출2026. 02. 20. AM 08:49 (2 개월 ago)
모더레이션2026. 03. 01. AM 07:55 (9 days later)
상태수락
VulDB 항목348299 [thinkgem JeeSite 까지 5.15.1 Endpoint CasOutHandler.java XML External Entity]
포인트들19

이전개요다음

Want to stay up to date on a daily basis?

Enable the mail alert feature now!