| Título | RuoYi https://github.com/yangzongzhuan/RuoYi <=v4.8.1 Dangerous type of file upload (CWE-434) |
|---|
| Descripción | The endpoint /common/upload and /common/uploads allow user uploads html, htm and PDF filetypes without sanitizer which leads to Stored XSS. |
|---|
| Fuente | ⚠️ https://github.com/yangzongzhuan/RuoYi/issues/296 |
|---|
| Usuario | ZAST.AI (UID 87884) |
|---|
| Sumisión | 2025-07-18 11:31 (hace 11 meses) |
|---|
| Moderación | 2025-07-19 20:39 (1 day later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 317021 [yangzongzhuan RuoYi hasta 4.8.1 CommonController.java uploadFile Archivo escalada de privilegios] |
|---|
| Puntos | 15 |
|---|