GHSA-p4ww-j4pr-qw6q

Source

https://github.com/advisories/GHSA-p4ww-j4pr-qw6q

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-p4ww-j4pr-qw6q/GHSA-p4ww-j4pr-qw6q.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-p4ww-j4pr-qw6q

Aliases

CVE-2023-3815

Published

2023-07-21T06:30:17Z

Modified

2023-11-08T04:13:06.524547Z

Severity

3.5 (Low) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N CVSS Calculator

Summary

RuoYi vulnerable to Cross-site Scripting

Details

A vulnerability, which was classified as problematic, has been found in y_project RuoYi up to 4.7.7. Affected by this issue is the function uploadFilesPath of the component File Upload. The manipulation of the argument originalFilenames leads to cross site scripting. The attack may be launched remotely. VDB-235118 is the identifier assigned to this vulnerability.

Database specific

{
    "nvd_published_at": "2023-07-21T05:15:15Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-21T20:18:40Z"
}

References

Affected packages

Maven / com.ruoyi:ruoyi

Package

Name: com.ruoyi:ruoyi; View open source insights on deps.dev
Purl: pkg:maven/com.ruoyi/ruoyi

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

4.7.7