y_project RuoYi File Upload uploadFilesPath cross site scripting
CVE-2023-3815

3.5LOW

Key Information:

Vendor: Y Project
Status: Ruoyi
Vendor: CVE Published:; 21 July 2023

What is CVE-2023-3815?

A vulnerability, which was classified as problematic, has been found in y_project RuoYi up to 4.7.7. Affected by this issue is the function uploadFilesPath of the component File Upload. The manipulation of the argument originalFilenames leads to cross site scripting. The attack may be launched remotely. VDB-235118 is the identifier assigned to this vulnerability.

Affected Version(s)

RuoYi 4.7.0

RuoYi 4.7.1

RuoYi 4.7.2

References

https://vuldb.com/?id.235118

vdb-entrytechnical-description

https://vuldb.com/?ctiid.235118

signaturepermissions-required

https://gitee.com/y_project/RuoYi/issues/I7IL85

issue-tracking

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 21, 2023
Vulnerability Reserved
Jul 20, 2023

Credit

VulDB Gitee Analyzer