CVE-2025-7902

Sažetak

A vulnerability classified as problematic has been found in yangzongzhuan RuoYi up to 4.8.1. Affected is the function addSave of the file com/ruoyi/web/controller/system/SysNoticeController.java. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Reference

https://github.com/yangzongzhuan/RuoYi/issues/294
https://github.com/yangzongzhuan/RuoYi/issues/294#issue-3211205807
https://vuldb.com/?ctiid.317016
https://vuldb.com/?id.317016
https://vuldb.com/?submit.618354

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

20-07-2025 - 16:15

Objavljeno

20-07-2025 - 16:15