Description

A vulnerability was found in y_project RuoYi-Cloud. It has been rated as problematic. Affected by this issue is some unknown functionality of the component JSON Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215108.

Remediation

References

https://gitee.com/y_project/RuoYi-Cloud/issues/I5IRC8

https://vuldb.com/?id.215108

Related Vulnerabilities

CVE-2020-26939 Vulnerability in maven package org.bouncycastle:bcprov-ext-jdk15on

CVE-2021-24033 Vulnerability in maven package org.webjars.npm:react-dev-utils

CVE-2023-33546 Vulnerability in maven package org.codehaus.janino:janino-parent

CVE-2023-46998 Vulnerability in maven package org.webjars.npm:bootbox

CVE-2021-23434 Vulnerability in npm package object-path

Severity

High

Classification

CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Exploit Issue Tracking Third Party Advisory