Thinkgem · Jeesite · CVE-2025-7759
**Name of the Vulnerable Software and Affected Versions**
thinkgem JeeSite versions up to 5.12.0
**Description**
A critical vulnerability exists in thinkgem JeeSite. The affected code is in the file `modules/core/src/main/java/com/jeesite/common/ueditor/ActionEnter.java`, part of the UEditor Image Grabber component; the specific function is not identified. Manipulating the `Source` argument leads to server-side request forgery (SSRF), and the attack can be launched remotely. The exploit has been publicly disclosed.
**Recommendations**
Apply the patch with identifier 1c5e49b0818037452148e0f8ff69ed04cb8fefdc to resolve this issue.
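As an added illustration of the control this class of bug calls for (this is not JeeSite's code and not the content of the referenced patch), the sketch below vets a grabber source URL before any server-side fetch. The class and method names `GrabberSourceGuard`, `vet` and `isInternal` are hypothetical, and the sample URLs are constructed.

```java
import java.net.InetAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.List;

// Added example: hypothetical guard for a server-side image grabber; not JeeSite code.
public class GrabberSourceGuard {
    /** Returns the vetted addresses for a source URL, or throws if it must not be fetched. */
    public static List<InetAddress> vet(String source) throws URISyntaxException, UnknownHostException {
        URI uri = new URI(source.trim());
        String scheme = uri.getScheme();
        if (scheme == null || !(scheme.equalsIgnoreCase("http") || scheme.equalsIgnoreCase("https"))) {
            throw new SecurityException("scheme not allowed: " + scheme);
        }
        String host = uri.getHost();
        if (host == null || uri.getUserInfo() != null) {
            throw new SecurityException("missing host or embedded credentials");
        }
        List<InetAddress> ok = new ArrayList<>();
        for (InetAddress a : InetAddress.getAllByName(host)) { // check every resolved record
            if (isInternal(a)) throw new SecurityException("internal address: " + a.getHostAddress());
            ok.add(a);
        }
        return ok;
    }

    static boolean isInternal(InetAddress a) {
        if (a.isAnyLocalAddress() || a.isLoopbackAddress() || a.isLinkLocalAddress()
                || a.isSiteLocalAddress() || a.isMulticastAddress()) return true;
        byte[] b = a.getAddress();
        if (b.length == 4) {
            int b0 = b[0] & 0xff, b1 = b[1] & 0xff;
            return b0 == 0 || (b0 == 100 && b1 >= 64 && b1 <= 127); // 0.0.0.0/8, CGNAT 100.64.0.0/10
        }
        return (b[0] & 0xfe) == 0xfc; // IPv6 unique local fc00::/7
    }

    public static void main(String[] args) {
        // Constructed sample inputs: literal addresses only, so no DNS lookup is needed.
        String[] samples = {"http://127.0.0.1:8080/admin", "http://169.254.169.254/latest/meta-data/",
                "file:///etc/passwd", "http://10.0.0.5/a.png", "http://[::1]/x.png"};
        for (String s : samples) {
            try { vet(s); System.out.println("ALLOW " + s); }
            catch (Exception e) { System.out.println("BLOCK " + s + " (" + e.getMessage() + ")"); }
        }
    }
}
```

The check only holds if the fetch then connects to one of the vetted addresses and redirects are either disabled or passed through the same check; otherwise a second DNS lookup or a redirect can still reach an internal host.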