CVE-2025-8847

Medium CVSS: 5.1

A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is the function Edit of the file /system/notice/edit. The manipulation of the argument noticeTitle/noticeContent leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Vendor

Ruoyi

Product

Ruoyi

CWE

CWE-79

Yayın Tarihi

2025-08-11 13:15:39

Güncelleme

2025-09-11 15:32:32

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-79 Ruoyi MEDIUM Ruoyi 2025

Referanslar

https://github.com/yangzongzhuan/RuoYi/issues/298 https://github.com/yangzongzhuan/RuoYi/issues/298#issue-3265348205 https://vuldb.com/?ctiid.319381 https://vuldb.com/?id.319381 https://vuldb.com/?submit.623372 https://github.com/yangzongzhuan/RuoYi/issues/298

Benzer Kayıtlar

High

CVE-2025-70986

Incorrect access control in the selectDept function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily access…

Critical

CVE-2025-70985

Incorrect access control in the update function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily modify data…

Critical

CVE-2024-57521

SQL Injection vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the creat…

Medium

CVE-2025-14856

A security vulnerability has been detected in y_project RuoYi up to 4.8.1. The affected element is an unknown function o…

Medium

CVE-2025-67342

RuoYi versions 4.8.1 and earlier is affected by a stored XSS vulnerability in the /system/menu/edit endpoint. While the…

High

CVE-2025-46175

Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the au…