Cross Site Scripting Vulnerability in Ruoyi 4.8.2 by Yangzongzhuan
CVE-2026-37216

6.1MEDIUM

Key Information:

Status
Vendor
CVE Published:
15 June 2026

What is CVE-2026-37216?

The Ruoyi 4.8.2 version is susceptible to a Cross Site Scripting (XSS) vulnerability at the /system/notice/add interface. This flaw allows an attacker to inject malicious scripts into web pages viewed by other users. Effective exploitation could lead to unauthorized actions on behalf of users or the exposure of sensitive information. Organizations using Ruoyi 4.8.2 should assess their systems for this vulnerability and apply recommended patches to mitigate the associated risks.

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.