CVE-2023-3815

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-3815

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-3815.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-3815

Aliases

GHSA-p4ww-j4pr-qw6q

Published

2023-07-21T05:15:15Z

Modified

2024-09-03T04:32:49.899616Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability, which was classified as problematic, has been found in y_project RuoYi up to 4.7.7. Affected by this issue is the function uploadFilesPath of the component File Upload. The manipulation of the argument originalFilenames leads to cross site scripting. The attack may be launched remotely. VDB-235118 is the identifier assigned to this vulnerability.

References

Affected packages

Git / github.com/yangzongzhuan/ruoyi

Affected ranges

Type: GIT
Repo: https://github.com/yangzongzhuan/ruoyi
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

03201c36e8b5f2db7de607ac5c2c1006987c2583

Affected versions

v2.*

v2.2

v2.3

v2.4

v3.*

v3.0

v3.1

v3.2

v3.3

v3.4

v4.*

v4.0

v4.1

v4.2

v4.3

v4.3.1

v4.4

v4.5.0

v4.5.1

v4.6.0

v4.6.1

v4.6.2

v4.7.0

v4.7.1

v4.7.2

v4.7.3

v4.7.4

v4.7.5

v4.7.6

v4.7.7