| शीर्षक | RuoYi https://github.com/yangzongzhuan/RuoYi <=v4.8.1 Dangerous type of file upload (CWE-434) |
|---|
| विवरण | The endpoint /common/upload and /common/uploads allow user uploads html, htm and PDF filetypes without sanitizer which leads to Stored XSS. |
|---|
| स्रोत | ⚠️ https://github.com/yangzongzhuan/RuoYi/issues/296 |
|---|
| उपयोगकर्ता | ZAST.AI (UID 87884) |
|---|
| सबमिशन | 18/07/2025 11:31 AM (12 महीनों पहले) |
|---|
| संयम | 19/07/2025 08:39 PM (1 day later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 317021 [yangzongzhuan RuoYi तक 4.8.1 CommonController.java uploadFile Arquivo अधिकार वृद्धि] |
|---|
| अंक | 15 |
|---|