PT-2025-30167 · Thinkgem · Jeesite

Zast.Ai · Published 2025-07-20 · Updated 2025-11-11 · CVE-2025-7865

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: thinkgem JeeSite versions up to 5.12.0

Description: A vulnerability exists in thinkgem JeeSite up to version 5.12.0 related to cross-site scripting. The issue resides in the xssFilter function within the src/main/java/com/jeesite/common/codec/EncodeUtils.java file of the XSS Filter component. Manipulation of the text argument can lead to the execution of malicious scripts. The attack can be initiated remotely. The exploit for this issue has been publicly disclosed.

Recommendations: Apply the patch identified as 3585737d21fe490ff6948d913fcbd8d99c41fc08 to resolve this issue.

Exploit

Fix

XSS

Code Injection

Weakness Enumeration

Related Identifiers: CVE-2025-7865

Affected Products: Jeesite