CVE-2026-36761

Name of the Vulnerable Software and Affected Versions JeeSite version 5.15.1

Description A stored cross-site scripting (XSS) issue exists in the '/msg/msgInner/save' endpoint. This allows attackers to execute arbitrary web scripts or HTML by injecting crafted input into the msgContent parameter. Cross-site scripting is a flaw where malicious scripts are injected into otherwise trusted websites.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. Avoid using the msgContent parameter in the '/msg/msgInner/save' endpoint until the issue is resolved.