CVE-2025-7901

Medium CVSS: 5.3

A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been rated as problematic. This issue affects some unknown processing of the file /swagger-ui/index.html of the component Swagger UI. The manipulation of the argument configUrl leads to cross site scripting. The attack may be initiated remotely.

Vendor

Ruoyi

Product

Ruoyi

CWE

CWE-79

Yayın Tarihi

2025-07-20 16:15:24

Güncelleme

2025-09-11 15:28:17

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-79 Ruoyi MEDIUM Ruoyi 2025

Referanslar

https://github.com/yangzongzhuan/RuoYi/issues/293 https://vuldb.com/?ctiid.317015 https://vuldb.com/?id.317015 https://vuldb.com/?submit.618353

Benzer Kayıtlar

High

CVE-2025-70986

Incorrect access control in the selectDept function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily access…

Critical

CVE-2025-70985

Incorrect access control in the update function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily modify data…

Critical

CVE-2024-57521

SQL Injection vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the creat…

Medium

CVE-2025-14856

A security vulnerability has been detected in y_project RuoYi up to 4.8.1. The affected element is an unknown function o…

Medium

CVE-2025-67342

RuoYi versions 4.8.1 and earlier is affected by a stored XSS vulnerability in the /system/menu/edit endpoint. While the…

High

CVE-2025-46175

Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the au…