yangzongzhuan RuoYi SysNoticeController.java addSave cross site scripting_CVE-2025-7902

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Description

A vulnerability classified as problematic has been found in yangzongzhuan RuoYi up to 4.8.1. Affected is the function addSave of the file com/ruoyi/web/controller/system/SysNoticeController.java. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Basic Information

ID CVE-2025-7902

Source VulDB

Published Jul 20, 2025 at 16:02

Modified Jul 21, 2025 at 18:38

Affected Product

Vendor yangzongzhuan

Product RuoYi

Version 4.8.0

Affected Versions yangzongzhuan RuoYi 4.8.0
yangzongzhuan RuoYi 4.8.1

CWE Classification

CWE-79 CWE-94

References

{
    "lastseen": "",
    "description": "A vulnerability classified as problematic has been found in yangzongzhuan RuoYi up to 4.8.1. Affected is the function addSave of the file com/ruoyi/web/controller/system/SysNoticeController.java. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.",
    "published": "2025-07-20T16:02:05.625Z",
    "modified": "2025-07-21T18:38:28.183Z",
    "type": "cve",
    "title": "yangzongzhuan RuoYi SysNoticeController.java addSave cross site scripting",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.317016\nhttps://vuldb.com/?ctiid.317016\nhttps://vuldb.com/?submit.618354\nhttps://github.com/yangzongzhuan/RuoYi/issues/294\nhttps://github.com/yangzongzhuan/RuoYi/issues/294#issue-3211205807",
    "id": "CVE-2025-7902",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79",
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "yangzongzhuan RuoYi 4.8.0\nyangzongzhuan RuoYi 4.8.1",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "RuoYi",
    "version": "4.8.0",
    "vendor": "yangzongzhuan",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}