Submeter #618361: RuoYi https://github.com/yangzongzhuan/RuoYi <=v4.8.1 Dangerous type of file upload (CWE-434)informação

TítuloRuoYi https://github.com/yangzongzhuan/RuoYi <=v4.8.1 Dangerous type of file upload (CWE-434)
DescriçãoThe endpoint /common/upload and /common/uploads allow user uploads html, htm and PDF filetypes without sanitizer which leads to Stored XSS.
Fonte⚠️ https://github.com/yangzongzhuan/RuoYi/issues/296
Utilizador
 ZAST.AI (UID 87884)
Submissão18/07/2025 11h31 (há 11 meses)
Moderação19/07/2025 20h39 (1 day later)
EstadoAceite
Entrada VulDB317021 [yangzongzhuan RuoYi até 4.8.1 CommonController.java uploadFile Ficheiro Elevação de Privilégios]
Pontos15

VoltarVisão GeralPróximo

Interested in the pricing of exploits?

See the underground prices here!