CVE-2024-6511 | y_project RuoYi up to 4.7.9 Content-Type isJsonRequest HttpHeaders.CONTENT_TYPE cross site scripting (IA8O7O)

Inserito da Angelo Barbosa | Lug 4, 2024 | CVE

A vulnerability classified as problematic was found in y_project RuoYi up to 4.7.9. Affected by this vulnerability is the function isJsonRequest of the component Content-Type Handler. The manipulation of the argument HttpHeaders.CONTENT_TYPE leads to cross site scripting.

This vulnerability is known as CVE-2024-6511. The attack can be launched remotely. Furthermore, there is an exploit available.

CVE-2024-6511 | y_project RuoYi up to 4.7.9 Content-Type isJsonRequest HttpHeaders.CONTENT_TYPE cross site scripting (IA8O7O)

Post correlati

CVE-2024-5725 | Centreon prior 22.04.24/22.10.22/23.04.18/23.10.12/24.04.0 initCurveList sql injection

CVE-2024-40950 | Linux Kernel up to 6.9.6 split_huge_pages mapping_large_folio_support information disclosure (5df493a99fcf/6a50c9b512f7)

CVE-2024-2771 | Contact Form Plugin up to 5.1.16 on WordPress Setting authorization

CVE-2024-28576 | FreeImage 3.19.0 r1909 J2K Image opj_j2k_tcp_destroy buffer overflow