| عنوان | RuoYi https://github.com/yangzongzhuan/RuoYi <=v4.8.1 Stored XSS |
|---|
| الوصف | When users add notification announcements, they can insert XSS payloads without any restrictions, which are then stored in the database. On the display page, the content is output without any encoding processing, resulting in stored XSS vulnerabilities. |
|---|
| المصدر | ⚠️ https://github.com/yangzongzhuan/RuoYi/issues/294 |
|---|
| المستخدم | ZAST.AI (UID 87884) |
|---|
| ارسال | 18/07/2025 11:23 AM (11 أشهر منذ) |
|---|
| الاعتدال | 19/07/2025 04:08 PM (1 day later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 317016 [yangzongzhuan RuoYi حتى 4.8.1 SysNoticeController.java addSave البرمجة عبر المواقع] |
|---|
| النقاط | 17 |
|---|