2 matches found
CVE-2023-3815
CVE-2023-3815 affects y_project RuoYi (up to 4.7.7). The vulnerability is in the File Upload component, specifically the function uploadFilesPath where manipulation of the originalFilenames argument leads to cross-site scripting. The issue can be exploited remotely and does not require authentica...
CVE-2023-3815 y_project RuoYi File Upload uploadFilesPath cross site scripting
A vulnerability, which was classified as problematic, has been found in yproject RuoYi up to 4.7.7. Affected by this issue is the function uploadFilesPath of the component File Upload. The manipulation of the argument originalFilenames leads to cross site scripting. The attack may be launched...