Submit #618189: JeeSite https://github.com/thinkgem/jeesite5 <=5.12.0 Dangerous type of file upload (CWE-434)info

TitleJeeSite https://github.com/thinkgem/jeesite5 <=5.12.0 Dangerous type of file upload (CWE-434)
DescriptionThe endpoint /js/a/file/upload allows user uploads PDF file without sanitizer lead to Stored XSS.
Source⚠️ https://github.com/thinkgem/jeesite5/issues/31
User
 ZAST.AI (UID 87884)
Submission07/18/2025 05:44 (9 months ago)
Moderation07/19/2025 06:17 (1 day later)
StatusAccepted
VulDB entry316977 [thinkgem JeeSite up to 5.12.0 FileUploadController.java upload unrestricted upload]
Points14

PreviousOverviewNext

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!