Low severity3.5NVD Advisory· Published Sep 1, 2025· Updated Apr 29, 2026
CVE-2025-9796
CVE-2025-9796
Description
A vulnerability was found in thinkgem JeeSite up to 5.12.1. This affects the function decodeUrl2 of the file common/src/main/java/com/jeesite/common/codec/EncodeUtils.java. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upgrading to version 5.13.0 mitigates this issue. The patch is identified as 63773c97a56bdb3649510e83b66c16db4754965b. Upgrading the affected component is recommended.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- github.com/thinkgem/jeesite5/commit/63773c97a56bdb3649510e83b66c16db4754965bnvdPatch
- github.com/thinkgem/jeesite5/issues/33nvdExploitIssue Tracking
- github.com/thinkgem/jeesite5/issues/33nvdExploitIssue Tracking
- github.com/thinkgem/jeesite5/issues/33nvdExploitIssue Tracking
- vuldb.comnvdThird Party AdvisoryVDB Entry
- vuldb.comnvdThird Party AdvisoryVDB Entry
- github.com/thinkgem/jeesite5/releases/tag/v5.13.0.springboo3nvdRelease Notes
- vuldb.comnvdPermissions RequiredVDB Entry
News mentions
0No linked articles in our index yet.