| Title | RuoYi https://github.com/yangzongzhuan/RuoYi <=v4.8.1 Stored XSS |
|---|
| Description | When users add notification announcements, they can insert XSS payloads without any restrictions, which are then stored in the database. On the display page, the content is output without any encoding processing, resulting in stored XSS vulnerabilities. |
|---|
| Source | ⚠️ https://github.com/yangzongzhuan/RuoYi/issues/294 |
|---|
| User | ZAST.AI (UID 87884) |
|---|
| Submission | 07/18/2025 11:23 (11 months ago) |
|---|
| Moderation | 07/19/2025 16:08 (1 day later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 317016 [yangzongzhuan RuoYi up to 4.8.1 SysNoticeController.java addSave cross site scripting] |
|---|
| Points | 17 |
|---|