PT-2026-39413 · Unknown · Jeecg-Boot

Xpp39

Published

2026-05-09

Updated

2026-05-10

CVE-2026-8195

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions JeecgBoot versions prior to 3.9.2

Description A cross-site scripting issue exists in the SVG File Handler component within the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/CommonController.java. This flaw allows a remote attacker to execute malicious scripts via manipulation of an unknown function in the specified controller.

Recommendations Update to a version later than 3.9.1. As a temporary workaround, restrict access to the SVG File Handler component in CommonController.java to minimize the risk of exploitation.

Exploit

Fix

Code Injection

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94CWE-79

Related Identifiers

CVE-2026-8195

Affected Products

Jeecg-Boot

PT-2026-39413 · Unknown · Jeecg-Boot

CVE-2026-8195

Weakness Enumeration

Related Identifiers

Affected Products

References · 9