CVSS: 6.3EPSS: 0%CPEs: 10EXPL: 1CVE-2024-9048 – y_project RuoYi Backend User Import SysUserServiceImpl.java SysUserServiceImpl cross site scripting
https://notcve.org/view.php?id=CVE-2024-9048
21 Sep 2024 — A vulnerability was found in y_project RuoYi up to 4.7.9. It has been declared as problematic. Affected by this vulnerability is the function SysUserServiceImpl of the file ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java of the component Backend User Import. The manipulation of the argument loginName leads to cross site scripting. The attack can be launched remotely. • https://vuldb.com/?id.278215 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 10EXPL: 1CVE-2024-6511 – y_project RuoYi Content-Type isJsonRequest cross site scripting
https://notcve.org/view.php?id=CVE-2024-6511
04 Jul 2024 — A vulnerability classified as problematic was found in y_project RuoYi up to 4.7.9. Affected by this vulnerability is the function isJsonRequest of the component Content-Type Handler. The manipulation of the argument HttpHeaders.CONTENT_TYPE leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://gitee.com/y_project/RuoYi/issues/IA8O7O • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-7133 – y_project RuoYi HTTP POST Request login cross site scripting
https://notcve.org/view.php?id=CVE-2023-7133
28 Dec 2023 — A vulnerability was found in y_project RuoYi 4.7.8. It has been declared as problematic. This vulnerability affects unknown code of the file /login of the component HTTP POST Request Handler. The manipulation of the argument rememberMe with the input falsen3f0m<script>alert(1)</script>p86o0 leads to cross site scripting. The attack can be initiated remotely. • https://1drv.ms/w/s!AgMfVZkPO1NWgSPnwk90DMQIUN_D?e=2Bauy4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •