CVE-2025-8847 | yangzongzhuan RuoYi up to 4.8.1 /system/notice/edit noticeTitle/noticeContent cross site scripting (Issue 298)

Inserito da Angelo Barbosa | Ago 10, 2025 | CVE

A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been declared as problematic. Affected by this vulnerability is the function Edit of the file /system/notice/edit. The manipulation of the argument noticeTitle/noticeContent leads to cross site scripting.

This vulnerability is known as CVE-2025-8847. The attack can be launched remotely. Furthermore, there is an exploit available.

CVE-2025-8847 | yangzongzhuan RuoYi up to 4.8.1 /system/notice/edit noticeTitle/noticeContent cross site scripting (Issue 298)

Post correlati

CVE-2025-52935 | DragonflyDB Dragonfly 1.28.18/1.30.0/1.30.1 lua_struct.C integer overflow

CVE-2024-7530 | Mozilla Firefox up to up to 128 Garbage Collection use after free

CVE-2024-13308 | Drupal Browser Back Button up to 2.0.1 cross site scripting

CVE-2024-11028 | icdsoft MultiManager WP Plugin up to 1.0.5 on WordPress authentication bypass