Stored Cross-Site Scripting in JeeSite Product by ThinkGem
CVE-2026-36761

6.1MEDIUM

Key Information:

Vendor: ThinkGem
Status: JeeSite
Vendor: CVE Published:; 30 April 2026

What is CVE-2026-36761?

A stored cross-site scripting vulnerability exists in JeeSite v5.15.1, allowing malicious actors to execute arbitrary web scripts or HTML through the msgContent parameter in the /msg/msgInner/save endpoint. By injecting crafted inputs, attackers can manipulate the application and potentially impact users' data integrity and security.

References

https://github.com/thinkgem/jeesite

https://github.com/thinkgem/jeesite/issues/528

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2026
Vulnerability Reserved
Apr 6, 2026

CVE-2026-36761 Data

JSON