CVE-2024-8112

MEDIUM

thinkgem JeeSite 5.3 - XSS

Title source: llm

Description

A vulnerability was found in thinkgem JeeSite 5.3. It has been rated as problematic. This issue affects some unknown processing of the file /js/a/login of the component Cookie Handler. The manipulation of the argument skinName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Exploits (1)

gitee 30,995 stars

by thinkgem · javawriteup

https://gitee.com/thinkgem/jeesite5/issues/IAKGTV

References (3)

[Exploit, Issue Tracking] https://gitee.com/thinkgem/jeesite5/issues/IAKGTV

[Permissions Required] https://vuldb.com/?ctiid.275633

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.275633

Scores

CVSS v3 4.3

EPSS 0.0013

EPSS Percentile 32.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

jeesite/jeesite 5.3.0

Published Aug 23, 2024

Tracked Since Feb 18, 2026