| Title | RuoYi RuoYi-Vue 3.9.2 Cross Site Scripting |
|---|
| Description | A stored cross-site scripting vulnerability exists in RuoYi-Vue due to unsafe file upload handling.
The common upload endpoints allow uploading files with .html and .htm extensions. Uploaded files are stored under the application-accessible directory (e.g., /profile/upload/) and are served from the same origin as the application.
Source-level chain:
POST /common/upload
POST /common/uploads
→ FileUploadUtils.upload(...)
→ allowed extensions include .html / .htm
→ file is written under /profile/upload/...
→ file is publicly accessible via /profile/upload/...
→ browser renders attacker-controlled HTML/JavaScript under same origin
Impact:
An authenticated low-privilege user can upload a malicious HTML file and have it executed in the context of the application's origin. This enables stored XSS attacks, including session hijacking, token theft, phishing, or performing actions on behalf of other users depending on cookie and security configuration.
The vulnerability is caused by allowing active content types to be uploaded and served from the same origin without proper restrictions. |
|---|
| Source | ⚠️ https://github.com/yangzongzhuan/RuoYi-Vue |
|---|
| User | feng123123 (UID 95215) |
|---|
| Submission | 26/04/2026 07:39 AM (1 month ago) |
|---|
| Moderation | 23/05/2026 04:15 PM (27 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 365338 [yangzongzhuan RuoYi-Vue up to 3.9.2 Common Upload Endpoint /common/upload FileUploadUtils.upload privilege escalation] |
|---|
| Points | 20 |
|---|
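
The root cause named in the description (active content types accepted and then served from the application's origin) can be checked and mitigated as in the following added example, which is not code from RuoYi-Vue or from the submission. The class name, the method names, both allowlists and the sample filenames are constructed for illustration, and the response headers are an assumed mitigation rather than the project's fix.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

public class UploadPolicyExample {
    // Constructed allowlist mirroring the reported weakness: .html/.htm are accepted.
    static final Set<String> WEAK_ALLOWLIST = Set.of("png", "jpg", "pdf", "txt", "html", "htm");
    // Hardened allowlist (assumption): no type the browser renders as an active document.
    static final Set<String> SAFE_ALLOWLIST = Set.of("png", "jpg", "pdf", "txt");
    // Types that may be displayed inline; everything else is forced to download.
    static final Set<String> INLINE_OK = Set.of("png", "jpg");

    // Extension = text after the last dot, lower-cased, trailing dots/spaces stripped
    // so that "page.htm." or "note.HTML" are compared in normalized form.
    static String extension(String filename) {
        String name = filename.replaceAll("[. ]+$", "");
        int dot = name.lastIndexOf('.');
        return dot < 0 ? "" : name.substring(dot + 1).toLowerCase(Locale.ROOT);
    }

    static boolean accepted(String filename, Set<String> allowlist) {
        return allowlist.contains(extension(filename));
    }

    // Headers for serving a stored upload so it cannot run as same-origin active content.
    static Map<String, String> responseHeaders(String filename) {
        boolean inline = INLINE_OK.contains(extension(filename));
        Map<String, String> h = new LinkedHashMap<>();
        h.put("X-Content-Type-Options", "nosniff");          // no MIME sniffing to text/html
        h.put("Content-Security-Policy", "sandbox; default-src 'none'"); // no script, opaque origin
        h.put("Content-Disposition", inline ? "inline" : "attachment");
        if (!inline) h.put("Content-Type", "application/octet-stream"); // images keep their own type
        return h;
    }

    public static void main(String[] args) {
        // Constructed sample filenames, including case and trailing-dot variants.
        for (String f : List.of("avatar.png", "report.pdf", "note.HTML", "page.htm.")) {
            System.out.printf("%-12s weak=%-5b safe=%-5b %s%n", f,
                accepted(f, WEAK_ALLOWLIST), accepted(f, SAFE_ALLOWLIST), responseHeaders(f));
        }
    }
}
```

Files that were stored before the allowlist was tightened remain on disk, so the serving-side headers matter independently of the upload check.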