Invia #618361: RuoYi https://github.com/yangzongzhuan/RuoYi <=v4.8.1 Dangerous type of file upload (CWE-434)informazioni

TitoloRuoYi https://github.com/yangzongzhuan/RuoYi <=v4.8.1 Dangerous type of file upload (CWE-434)
DescrizioneThe endpoint /common/upload and /common/uploads allow user uploads html, htm and PDF filetypes without sanitizer which leads to Stored XSS.
Fonte⚠️ https://github.com/yangzongzhuan/RuoYi/issues/296
Utente
 ZAST.AI (UID 87884)
Sottomissione18/07/2025 11:31 (12 mesi fa)
Moderazione19/07/2025 20:39 (1 day later)
StatoAccettato
Voce VulDB317021 [yangzongzhuan RuoYi fino a 4.8.1 CommonController.java uploadFile escalationi di privilegi]
Punti15

Do you need the next level of professionalism?

Upgrade your account now!