CVE-2026-36761

Published
View on NVD ↗
CVSS v3
6.1
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT

Description

A stored cross-site scripting (XSS) vulnerability in the /msg/msgInner/save endpoint of JeeSite v5.15.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into the msgContent parameter.

thinkgem/jeesite
thinkgem/jeesite
👍Java 低代码, 轻量级, Spring Boot, MyBatis, Flowable, TypeScript, Vue, Antdv, 包括核心模块如:组织机构、角色用户、权限授权、数据权限、内容管理、工作流、Spring Cloud 微服务等。
GitHubGitHub
8.04K