提交 #618189: JeeSite https://github.com/thinkgem/jeesite5 <=5.12.0 Dangerous type of file upload (CWE-434)信息

标题JeeSite https://github.com/thinkgem/jeesite5 <=5.12.0 Dangerous type of file upload (CWE-434)
描述The endpoint /js/a/file/upload allows user uploads PDF file without sanitizer lead to Stored XSS.
来源⚠️ https://github.com/thinkgem/jeesite5/issues/31
用户
 ZAST.AI (UID 87884)
提交2025-07-18 05時44分 (9 月前)
管理2025-07-19 06時17分 (1 day later)
状态已接受
VulDB条目316977 [thinkgem JeeSite 直到 5.12.0 FileUploadController.java upload 权限提升]
积分14

上一步一览下一步

Want to know what is going to be exploited?

We predict KEV entries!