CVE Details
Basic Information
| Title | yangzongzhuan RuoYi Swagger UI index.html cross site scripting |
|---|---|
| Type | cve |
| Published | 2025-07-20T15:32:04.851Z |
| Modified | 2025-07-20T15:32:04.851Z |
Product Information
| Vendor | yangzongzhuan |
|---|---|
| Product | RuoYi |
| Version | 4.8.0 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X |
AI Analysis
| AI Description | A stored cross-site scripting (XSS) vulnerability exists in the Swagger UI component of yangzongzhuan RuoYi up to version 4.8.1. This issue is triggered by improper handling of the configUrl argument, allowing remote attackers to inject malicious scripts. The vulnerability can be exploited remotely and affects versions 4.8.0 and 4.8.1. |
|---|---|
| AI Severity | Medium |
| AI Vendor | yangzongzhuan |
| AI Product | RuoYi |
| AI Version | 4.8.0, 4.8.1 |
Affected Products
- yangzongzhuan RuoYi 4.8.0
- yangzongzhuan RuoYi 4.8.1
Additional Information
| CWE List | CWE-79, CWE-94 |
|---|---|
| Source | VulDB |
Description
A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been rated as problematic. This issue affects some unknown processing of the file /swagger-ui/index.html of the component Swagger UI. The manipulation of the argument configUrl leads to cross site scripting. The attack may be initiated remotely.