CVE-2022-4348 com.ruoyi:ruoyi-common

Package

Manager: maven
Name: com.ruoyi:ruoyi-common
Vulnerable Version: >=0 <=4.6.2

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00069 (percentile: 0.21646)

Details

RuoYi-Cloud Cross-site Scripting vulnerability

A vulnerability was found in y_project RuoYi-Cloud. It has been rated as problematic. Affected by this issue is some unknown functionality of the component JSON Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215108. A patch for this issue is available at https://gitee.com/y_project/RuoYi-Cloud/pulls/224.

Metadata

Created: 2022-12-08T09:30:30Z
Modified: 2022-12-12T21:59:56Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-vp22-232w-h9x8/GHSA-vp22-232w-h9x8.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-vp22-232w-h9x8
Finding: F425
Auto approve: 1