Submeter #618354: RuoYi https://github.com/yangzongzhuan/RuoYi <=v4.8.1 Stored XSSinformação

TítuloRuoYi https://github.com/yangzongzhuan/RuoYi <=v4.8.1 Stored XSS
DescriçãoWhen users add notification announcements, they can insert XSS payloads without any restrictions, which are then stored in the database. On the display page, the content is output without any encoding processing, resulting in stored XSS vulnerabilities.
Fonte⚠️ https://github.com/yangzongzhuan/RuoYi/issues/294
Utilizador
 ZAST.AI (UID 87884)
Submissão18/07/2025 11h23 (há 11 meses)
Moderação19/07/2025 16h08 (1 day later)
EstadoAceite
Entrada VulDB317016 [yangzongzhuan RuoYi até 4.8.1 SysNoticeController.java addSave Script de Site Cruzado]
Pontos17

VoltarVisão GeralPróximo

Do you know our Splunk app?

Download it now for free!