CVE-2023-3815
Summary
| CVE | CVE-2023-3815 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-07-21 05:15:00 UTC |
| Updated | 2023-11-07 04:19:00 UTC |
| Description | A vulnerability, which was classified as problematic, has been found in y_project RuoYi up to 4.7.7. Affected by this issue is the function uploadFilesPath of the component File Upload. The manipulation of the argument originalFilenames leads to cross site scripting. The attack may be launched remotely. VDB-235118 is the identifier assigned to this vulnerability. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Xss文件上传方法检测到漏洞 · Issue #I7IL85 · 若依/RuoYi - Gitee.com | MISC | gitee.com | |
| Login required | MISC | vuldb.com | |
| CVE-2023-3815: y_project RuoYi File Upload uploadFilesPath cross site scripting | MISC | vuldb.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.