THREATINT
PUBLISHED

CVE-2023-3815

y_project RuoYi File Upload uploadFilesPath cross site scripting



Assigner: VulDB
Reserved: 2023-07-20
Published: 2023-07-21
Updated: 2024-10-17

Description


A vulnerability, which was classified as problematic, has been found in y_project RuoYi up to 4.7.7. Affected by this issue is the function uploadFilesPath of the component File Upload. The manipulation of the argument originalFilenames leads to cross site scripting. The attack may be launched remotely. VDB-235118 is the identifier assigned to this vulnerability.

A problematic vulnerability was discovered in y_project RuoYi up to 4.7.7. Affected is the function uploadFilesPath of the component File Upload. By manipulating the argument originalFilenames with unknown data, a cross site scripting vulnerability can be exploited. The attack can be carried out over the network.



LOW: 3.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
LOW: 3.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
4.0 CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:N

Product status

4.7.0: affected
4.7.1: affected
4.7.2: affected
4.7.3: affected
4.7.4: affected
4.7.5: affected
4.7.6: affected
4.7.7: affected

Timeline

2023-07-20: Advisory disclosed
2023-07-20: CVE reserved
2023-07-20: VulDB entry created
2023-08-15: VulDB entry last update

Credits

VulDB Gitee Analyzer tool

References

https://vuldb.com/?id.235118 vdb-entry technical-description

https://vuldb.com/?ctiid.235118 signature permissions-required

https://gitee.com/y_project/RuoYi/issues/I7IL85 issue-tracking

cve.org CVE-2023-3815

nvd.nist.gov CVE-2023-3815
