Submit #618361: RuoYi https://github.com/yangzongzhuan/RuoYi <=v4.8.1 Dangerous type of file upload (CWE-434)info

TitelRuoYi https://github.com/yangzongzhuan/RuoYi <=v4.8.1 Dangerous type of file upload (CWE-434)
BeschreibungThe endpoint /common/upload and /common/uploads allow user uploads html, htm and PDF filetypes without sanitizer which leads to Stored XSS.
Quelle⚠️ https://github.com/yangzongzhuan/RuoYi/issues/296
Benutzer
 ZAST.AI (UID 87884)
Einreichung18.07.2025 11:31 (vor 11 Monaten)
Moderieren19.07.2025 20:39 (1 day later)
StatusAkzeptiert
VulDB Eintrag317021 [yangzongzhuan RuoYi bis 4.8.1 CommonController.java uploadFile Datei erweiterte Rechte]
Punkte15

ZurückÜbersichtWeiter

Interested in the pricing of exploits?

See the underground prices here!