CVE-2024-9048 | y_project RuoYi up to 4.7.9 Backend User Import SysUserServiceImpl.java SysUserServiceImpl loginName cross site scripting (IAR6Q3)

A vulnerability was found in y_project RuoYi up to 4.7.9. It has been declared as problematic. Affected by this vulnerability is the function SysUserServiceImpl of the file ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java of the component Backend User Import. The manipulation of the argument loginName leads to cross site scripting.

This vulnerability is known as CVE-2024-9048. The attack can be launched remotely. Furthermore, there is an exploit available.

It is recommended to apply a patch to fix this issue.

CVE-2024-9048 | y_project RuoYi up to 4.7.9 Backend User Import SysUserServiceImpl.java SysUserServiceImpl loginName cross site scripting (IAR6Q3)

Post correlati

CVE-2024-23794 | OTRS up to 8.0.x/2023.x/2024.4.x Ticket Property privileges assignment

CVE-2023-6937 | wolfSSL up to 5.6.4 TLS Record information disclosure

CVE-2024-37571 | SAS Broker 9.2 Build 1495 _debug denial of service

CVE-2023-39517 | laurent22 joplin up to 2.12.7 sanitizeHtml cross site scripting (GHSA-2h88-m32f-qh5m)