Ruoyi v4.7.9 and before was discovered to contain a cross-site scripting (XSS) vulnerability via the sql parameter of the createTable() function at /tool/gen/create.
SQL Injection vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the createTable function in SqlUtil.java.
RuoYi v4.8.2 is vulnerable to SQL Injection via the /tool/gen/createTable endpoint. The issue affects the code generation module and may allow an authenticated attacker with administrative privileges
RuoYi v4.8.0 was discovered to contain a SQL injection vulnerability via the orderby parameter at /monitor/online/list.
RuoYi CMS v4.7.9 was discovered to contain a SQL injection vulnerability via the job_id parameter at /sasfs1.
Ruoyi 4.8.2 is vulnerable to Cross Site Scripting (XSS) at the interface /system/notice/add.
Cross Site Scripting vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the file upload method
A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This impacts the function filterKeyword of the file /com/ruoyi/common/utils/sql/SqlUtil.java of the component Blacklist Handler.
Ruoyi v.4.7.9 and before contains an authenticated SQL injection vulnerability. This is because the filterKeyword method does not completely filter SQL injection keywords, resulting in the risk of SQL
A security vulnerability has been detected in y_project RuoYi up to 4.8.1. The affected element is an unknown function of the file /monitor/cache/getnames. Such manipulation of the argument fragment l
A vulnerability was found in y_project RuoYi up to 4.7.9. It has been declared as problematic. Affected by this vulnerability is the function SysUserServiceImpl of the file ruoyi-system/src/main/java/
RuoYi versions 4.8.1 and earlier is affected by a stored XSS vulnerability in the /system/menu/edit endpoint. While the endpoint is protected by an XSS filter, the protection can be bypassed. Addition
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ka2 Custom DataBase Tables custom-database-tables allows Reflected XSS.This issue affects Custom D
A vulnerability classified as problematic has been found in yangzongzhuan RuoYi up to 4.8.1. Affected is the function addSave of the file com/ruoyi/web/controller/system/SysNoticeController.java. The
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaizenCoders Table of content content-table allows Stored XSS.This issue affects Table of content:
A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.8.9 and classified as problematic. Affected by this issue is some unknown functionality of the file ruoyi-ui/jsencrypt.js and ruoyi-ui/logi
RuoYi v4.7.9 and before has a security flaw that allows escaping from comments within the code generation feature, enabling the injection of malicious code.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 TableOn posts-table-filterable allows Stored XSS.This issue affects TableOn: from n/a t
A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1 and classified as critical. This issue affects the function uploadFile of the file ruoyi-admin/src/main/java/com/ruoyi/web/controller/commo
A stored cross-site scripting (XSS) vulnerability in tianti v2.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the coverImageURL parameter at /article/
Page 1+ Next →