Soumettre #618361: RuoYi https://github.com/yangzongzhuan/RuoYi <=v4.8.1 Dangerous type of file upload (CWE-434)information

TitreRuoYi https://github.com/yangzongzhuan/RuoYi <=v4.8.1 Dangerous type of file upload (CWE-434)
DescriptionThe endpoint /common/upload and /common/uploads allow user uploads html, htm and PDF filetypes without sanitizer which leads to Stored XSS.
La source⚠️ https://github.com/yangzongzhuan/RuoYi/issues/296
Utilisateur
 ZAST.AI (UID 87884)
Soumission18/07/2025 11:31 (il y a 12 mois)
Modérer19/07/2025 20:39 (1 day later)
StatutAccepté
Entrée VulDB317021 [yangzongzhuan RuoYi jusqu’à 4.8.1 CommonController.java uploadFile Fichier élévation de privilèges]
Points15

Might our Artificial Intelligence support you?

Check our Alexa App!