CVE-2025-7865

Summary

A vulnerability was found in thinkgem JeeSite up to 5.12.0. It has been declared as problematic. This vulnerability affects the function xssFilter of the file src/main/java/com/jeesite/common/codec/EncodeUtils.java of the component XSS Filter. The manipulation of the argument text leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 3585737d21fe490ff6948d913fcbd8d99c41fc08. It is recommended to apply a patch to fix this issue.

Affected Software

VendorProductVersion RangeStatus
thinkgemJeeSite5.0affected
thinkgemJeeSite5.1affected
thinkgemJeeSite5.2affected
thinkgemJeeSite5.3affected
thinkgemJeeSite5.4affected
thinkgemJeeSite5.5affected
thinkgemJeeSite5.6affected
thinkgemJeeSite5.7affected
thinkgemJeeSite5.8affected
thinkgemJeeSite5.9affected
thinkgemJeeSite5.10affected
thinkgemJeeSite5.11affected
thinkgemJeeSite5.12.0affected

Weaknesses

  • CWE-79: Cross Site Scripting
  • CWE-94: Code Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References