提交 #618361: RuoYi https://github.com/yangzongzhuan/RuoYi <=v4.8.1 Dangerous type of file upload (CWE-434)信息

标题RuoYi https://github.com/yangzongzhuan/RuoYi <=v4.8.1 Dangerous type of file upload (CWE-434)
描述The endpoint /common/upload and /common/uploads allow user uploads html, htm and PDF filetypes without sanitizer which leads to Stored XSS.
来源⚠️ https://github.com/yangzongzhuan/RuoYi/issues/296
用户
 ZAST.AI (UID 87884)
提交2025-07-18 11時31分 (12 月前)
管理2025-07-19 20時39分 (1 day later)
状态已接受
VulDB条目317021 [yangzongzhuan RuoYi 直到 4.8.1 CommonController.java uploadFile 文件 权限提升]
积分15

Do you want to use VulDB in your project?

Use the official API to access entries easily!