| Titel | RuoYi https://github.com/yangzongzhuan/RuoYi <=v4.8.1 Stored XSS |
|---|
| Beschreibung | When users add notification announcements, they can insert XSS payloads without any restrictions, which are then stored in the database. On the display page, the content is output without any encoding processing, resulting in stored XSS vulnerabilities. |
|---|
| Quelle | ⚠️ https://github.com/yangzongzhuan/RuoYi/issues/294 |
|---|
| Benutzer | ZAST.AI (UID 87884) |
|---|
| Einreichung | 18.07.2025 11:23 (vor 11 Monaten) |
|---|
| Moderieren | 19.07.2025 16:08 (1 day later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 317016 [yangzongzhuan RuoYi bis 4.8.1 SysNoticeController.java addSave Cross Site Scripting] |
|---|
| Punkte | 17 |
|---|