CVE-2025-9796
September 01, 2025
A vulnerability was found in thinkgem JeeSite up to 5.12.1. This affects the function decodeUrl2 of the file common/src/main/java/com/jeesite/common/codec/EncodeUtils.java. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upgrading to version 5.13.0 mitigates this issue. The patch is identified as 63773c97a56bdb3649510e83b66c16db4754965b. Upgrading the affected component is recommended.
Affected Packages
https://github.com/thinkgem/jeesite5.git (GITHUB):
Affected version(s) >=v4.0.1 <v5.13.0.springboo3Fix Suggestion:
Update to version v5.13.0.springboo3Related Resources (8)
Do you need more information?
Contact UsCVSS v4
Base Score:
2.1
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
PASSIVE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
LOW
Vulnerable System Availability
NONE
Subsequent System Confidentiality
LOW
Subsequent System Integrity
LOW
Subsequent System Availability
NONE
Exploit Maturity
POC
CVSS v3
Base Score:
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE
Exploit Maturity
PROOF-OF-CONCEPT
Weakness Type (CWE)
EPSS
Base Score:
0.03
