ruoyi is vulnerable to cross-site scripting. The vulnerability exists in the updateAvatar function in SysProfileController.java due to the lack of sanitization of user input, which allows an attacker to inject and execute arbitrary code via a crafted HTML file.

CPE

Name | Operator | Version
---|---|---
ruoyi-admin | eq | 3.7.0
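
One way to close this class of avatar-upload bug, shown as an added example that is neither RuoYi's own code nor its actual fix: decode the uploaded bytes as an image and re-encode them under a server-chosen name, so a crafted HTML file is rejected and never stored under a browser-renderable type. The class `AvatarSanitizer`, the record `StoredAvatar` and the sample inputs are hypothetical and constructed for illustration; Java 16 or later is assumed.

```java
import javax.imageio.ImageIO;
import java.awt.image.BufferedImage;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Optional;
import java.util.UUID;

/** Hypothetical helper (not RuoYi code): store an avatar only after decoding and re-encoding it. */
public class AvatarSanitizer {

    /** A sanitized avatar: server-chosen file name and freshly encoded PNG bytes. */
    record StoredAvatar(String fileName, byte[] pngBytes) {}

    /**
     * Ignores the client-supplied file name and Content-Type entirely.
     * Returns empty when the bytes do not decode as an image (for example an HTML file).
     */
    static Optional<StoredAvatar> sanitize(byte[] upload) {
        try {
            BufferedImage image = ImageIO.read(new ByteArrayInputStream(upload));
            if (image == null) {              // no registered image reader recognised the content
                return Optional.empty();
            }
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            ImageIO.write(image, "png", out); // re-encoding keeps pixel data only
            return Optional.of(new StoredAvatar(UUID.randomUUID() + ".png", out.toByteArray()));
        } catch (IOException e) {             // corrupt or truncated image: reject
            return Optional.empty();
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample 1: HTML content uploaded as an "avatar".
        byte[] html = "<html><body>constructed sample</body></html>".getBytes(StandardCharsets.UTF_8);
        System.out.println("html accepted: " + sanitize(html).isPresent());

        // Constructed sample 2: a real 2x2 PNG with the same HTML appended after the image data.
        ByteArrayOutputStream png = new ByteArrayOutputStream();
        ImageIO.write(new BufferedImage(2, 2, BufferedImage.TYPE_INT_RGB), "png", png);
        png.write(html);
        StoredAvatar stored = sanitize(png.toByteArray()).orElseThrow();
        String body = new String(stored.pngBytes(), StandardCharsets.ISO_8859_1);
        System.out.println("stored as: " + stored.fileName());
        System.out.println("appended html survived: " + body.contains("<html>"));
    }
}
```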