CVE-2024-8112

A vulnerability was found in thinkgem JeeSite 5.3. It has been rated as problematic. This issue affects some unknown processing of the file /js/a/login of the component Cookie Handler. The manipulation of the argument skinName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
References
Link Resource
https://gitee.com/thinkgem/jeesite5/issues/IAKGTV Exploit Issue Tracking
https://vuldb.com/?ctiid.275633 Permissions Required
https://vuldb.com/?id.275633 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:jeesite:jeesite:5.3:*:*:*:*:*:*:*

History

12 Sep 2024, 18:23

Type Values Removed Values Added
CVSS v2 : 5.0
v3 : 4.3
v2 : 5.0
v3 : 6.1
CPE cpe:2.3:a:jeesite:jeesite:5.3:*:*:*:*:*:*:*
References () https://gitee.com/thinkgem/jeesite5/issues/IAKGTV - () https://gitee.com/thinkgem/jeesite5/issues/IAKGTV - Exploit, Issue Tracking
References () https://vuldb.com/?ctiid.275633 - () https://vuldb.com/?ctiid.275633 - Permissions Required
References () https://vuldb.com/?id.275633 - () https://vuldb.com/?id.275633 - Third Party Advisory, VDB Entry
Summary
  • (es) Se encontró una vulnerabilidad en thinkgem JeeSite 5.3. Ha sido calificada como problemática. Este problema afecta un procesamiento desconocido del archivo /js/a/login del componente Cookie Handler. La manipulación del argumento skinName conduce a cross site scripting. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse.
First Time Jeesite
Jeesite jeesite

23 Aug 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-23 15:15

Updated : 2024-09-12 18:23


NVD link : CVE-2024-8112

Mitre link : CVE-2024-8112

CVE.ORG link : CVE-2024-8112


JSON object : View

Products Affected

jeesite

  • jeesite
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')