VYPR
Low severity3.5NVD Advisory· Published Sep 1, 2025· Updated Apr 29, 2026

CVE-2025-9796

CVE-2025-9796

Description

A vulnerability was found in thinkgem JeeSite up to 5.12.1. This affects the function decodeUrl2 of the file common/src/main/java/com/jeesite/common/codec/EncodeUtils.java. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upgrading to version 5.13.0 mitigates this issue. The patch is identified as 63773c97a56bdb3649510e83b66c16db4754965b. Upgrading the affected component is recommended.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Jeesite/Jeesite2 versions
    cpe:2.3:a:jeesite:jeesite:*:*:*:*:-:*:*:*+ 1 more
    • cpe:2.3:a:jeesite:jeesite:*:*:*:*:-:*:*:*range: <5.13.0
    • (no CPE)range: <=5.12.1

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.