{"id":8459,"date":"2025-07-20T11:54:05","date_gmt":"2025-07-20T11:54:05","guid":{"rendered":"http:\/\/localhost\/?p=8459"},"modified":"2025-07-20T11:54:05","modified_gmt":"2025-07-20T11:54:05","slug":"yangzongzhuan-ruoyi-swagger-ui-indexhtml-cross-site-scripting","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=8459","title":{"rendered":"yangzongzhuan RuoYi Swagger UI index.html cross site scripting"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nyangzongzhuan RuoYi Swagger UI index.html cross site scripting<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-07-20T15:32:04.851Z<\/td>\n<\/tr>\n
Modified<\/th>\n2025-07-20T15:32:04.851Z<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nyangzongzhuan<\/td>\n<\/tr>\n
Product<\/th>\nRuoYi<\/td>\n<\/tr>\n
Version<\/th>\n4.8.0<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n
Base Score<\/th>\n5.3 (MEDIUM)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:N\/UI:P\/VC:N\/VI:L\/VA:N\/SC:N\/SI:N\/SA:N\/E:X<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nA stored cross-site scripting (XSS) vulnerability exists in the Swagger UI component of yangzongzhuan RuoYi up to version 4.8.1. This issue is triggered by improper handling of the configUrl argument, allowing remote attackers to inject malicious scripts. The vulnerability can be exploited remotely and affects versions 4.8.0 and 4.8.1.<\/td>\n<\/tr>\n
AI Severity<\/th>\nMedium<\/td>\n<\/tr>\n
AI Vendor<\/th>\nyangzongzhuan<\/td>\n<\/tr>\n
AI Product<\/th>\nRuoYi<\/td>\n<\/tr>\n
AI Version<\/th>\n4.8.0, 4.8.1<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n