Cross Site Scripting Vulnerability in thinkgem JeeSite 5.3
CVE-2024-8112

6.1MEDIUM

Key Information:

Vendor: Thinkgem
Status: Jeesite
Vendor: CVE Published:; 23 August 2024

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2024-8112?

A vulnerability was found in thinkgem JeeSite 5.3. It has been rated as problematic. This issue affects some unknown processing of the file /js/a/login of the component Cookie Handler. The manipulation of the argument skinName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Affected Version(s)

JeeSite 5.3

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-8112 - Proof of Concept

References

https://vuldb.com/?id.275633

vdb-entrytechnical-description

https://vuldb.com/?ctiid.275633

signaturepermissions-required

https://gitee.com/thinkgem/jeesite5/issues/IAKGTV

exploitissue-tracking

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Aug 23, 2024
👾
Exploit known to exist
Aug 23, 2024
Vulnerability published
Aug 23, 2024
Vulnerability Reserved
Aug 23, 2024

Credit

VulDB Gitee Analyzer

CVE-2024-8112 Data

JSON

Thinkgem