Submeter #763732: Jeesite v5.15.1 XXEinformação

TítuloJeesite v5.15.1 XXE
DescriçãoJeesite has an is an XML External Entity (XXE) vulnerability (CWE-611). The endpoint accepts a user-controlled POST parameter logoutRequest, which is parsed as XML without explicit XXE-hardening features (such as disabling DOCTYPE and external entities). As a result, an attacker can supply malicious XML to trigger server-side outbound requests (SSRF behavior), and in some runtime configurations may attempt further entity-based abuse.
Fonte⚠️ https://www.yuque.com/la12138/pa2fpb/ew8x2qss8dv0bsu0?singleDoc
Utilizador
 Saul1213 (UID 94577)
Submissão20/02/2026 08h49 (há 2 meses)
Moderação01/03/2026 07h55 (9 days later)
EstadoAceite
Entrada VulDB348299 [thinkgem JeeSite até 5.15.1 Endpoint CasOutHandler.java XML External Entity]
Pontos19

VoltarVisão GeralPróximo

Might our Artificial Intelligence support you?

Check our Alexa App!