CVE-2025-7901

A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been rated as problematic. This issue affects some unknown processing of the file /swagger-ui/index.html of the component Swagger UI. The manipulation of the argument configUrl leads to cross site scripting. The attack may be...

PT-2025-30206

Name of the Vulnerable Software and Affected Versions yangzongzhuan RuoYi versions up to 4.8.1 Description A problematic issue exists in yangzongzhuan RuoYi related to the processing of the /swagger-ui/index.html file within the Swagger UI component. Manipulation of the configUrl argument can lea...

RuoYi 代码注入漏洞

RuoYi is a backend management system for individual developers of RuoYi in China. A code injection vulnerability exists in RuoYi 4.8.1 and earlier versions, which originates from cross-site scripting due to incorrect manipulation of the parameter configUrl in the file /swagger-ui/index.html...

Mars: RXSS on ████ via configUrl parameter

A Reflected Cross-Site Scripting RXSS vulnerability was reported on the Swagger UI page of the Royal Canin eVet API. The vulnerability was identified in the configUrl parameter of the URL. This security flaw allowed an attacker to inject malicious scripts into the web page, which were then execut...