A vulnerability was found in y_project RuoYi up to 4.7.9. It has been declared as problematic. Affected by this vulnerability is the function
SysUserServiceImpl
of the file ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java of the component Backend User Import. The manipulation of the argument loginName leads to cross site scripting.
This vulnerability is known as CVE-2024-9048. The attack can be launched remotely. Furthermore, there is an exploit available.
It is recommended to apply a patch to fix this issue.