CVE-2025-7865
BaseFortify
Publication date: 2025-07-20
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jeesite | jeesite | to 5.12.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7865 is a Cross-Site Scripting (XSS) vulnerability in thinkgem JeeSite versions up to 5.12.0. It exists in the xssFilter function of the EncodeUtils.java file, which is part of the XSS Filter component. The vulnerability arises because the filter uses a flawed whitelist-based sanitization that can be bypassed by attackers. This allows malicious scripts to be injected and executed in the context of the affected web application. Attackers can exploit this remotely by crafting inputs that bypass the sanitizer, including embedding SVG elements with event handlers. Both reflected and stored XSS attacks are possible, enabling execution of arbitrary JavaScript in users' browsers. [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability can lead to the execution of unauthorized scripts in the browsers of users interacting with the affected JeeSite application. The impact includes potential session hijacking, credential theft, and other malicious actions performed by the injected scripts. Stored XSS attacks can compromise administrators or users when they access affected pages, leading to data integrity issues and security breaches. Since the attack can be initiated remotely and requires user interaction, it poses a moderate risk to the confidentiality and integrity of user data. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious input patterns that bypass the XSS filter, especially inputs containing SVG elements with ONLOAD event handlers or inputs prefixed with markers like <!--HTML-->. Detection can include inspecting POST requests to endpoints such as /js/a/sys/user/infoSaveBase and /js/a/sys/office/save for payloads containing SVG or suspicious event handlers. While no specific commands are provided, network or application logs can be searched for these patterns using tools like grep or web application firewall (WAF) rules targeting these payload signatures. [3]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to apply the available patch identified by commit 3585737d21fe490ff6948d913fcbd8d99c41fc08 to fix the flawed xssFilter function in the EncodeUtils.java file. Additionally, users should update JeeSite to a version later than 5.12.0 where this issue is resolved. Until the patch is applied, monitoring and filtering inputs for suspicious XSS payloads and restricting user input that can contain HTML or SVG elements can help reduce risk. [2]