CVE-2023-3815: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

July 21, 2023

A vulnerability, which was classified as problematic, has been found in y_project RuoYi up to 4.7.7. Affected by this issue is the function uploadFilesPath of the component File Upload. The manipulation of the argument originalFilenames leads to cross site scripting. The attack may be launched remotely. VDB-235118 is the identifier assigned to this vulnerability.

References

gitee.com/y_project/RuoYi/issues/I7IL85
github.com/advisories/GHSA-p4ww-j4pr-qw6q
nvd.nist.gov/vuln/detail/CVE-2023-3815
vuldb.com/?ctiid.235118
vuldb.com/?id.235118

Code Behaviors & Features

Detect and mitigate CVE-2023-3815 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →