Skip to main content

Ruoyi CVE-2024-6511

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2024-07-04 cna@vuldb.com
5.3
CVSS 4.0 · Vendor: vuldb
Share

Severity by source

Vendor (vuldb) PRIMARY
5.3 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (vuldb) · only source for this CVE.

CVSS VectorVendor: vuldb

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
CVE Published
Jul 04, 2024 - 19:15 cve.org
MEDIUM 5.3

DescriptionCVE.org

A vulnerability classified as problematic was found in y_project RuoYi up to 4.7.9. Affected by this vulnerability is the function isJsonRequest of the component Content-Type Handler. The manipulation of the argument HttpHeaders.CONTENT_TYPE leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-270343.

AnalysisAI

A vulnerability classified as problematic was found in y_project RuoYi up to 4.7.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. A vulnerability classified as problematic was found in y_project RuoYi up to 4.7.9. Affected by this vulnerability is the function isJsonRequest of the component Content-Type Handler. The manipulation of the argument HttpHeaders.CONTENT_TYPE leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-270343. Affected products include: Ruoyi. Version information: up to 4.7.9..

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

More in Ruoyi

View all
CVE-2025-28412 CRITICAL POC
9.8 Apr 07

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the /editSave method in SysNoticeControlle

CVE-2025-28410 CRITICAL POC
9.8 Apr 07

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the cancelAuthUserAll method does not prop

CVE-2025-28406 CRITICAL POC
9.8 Apr 07

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobLogId parameter. Rated critical sev

CVE-2025-28405 CRITICAL POC
9.8 Apr 07

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the changeStatus method. Rated critical se

CVE-2025-28402 CRITICAL POC
9.8 Apr 07

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobId parameter. Rated critical severi

CVE-2023-49371 CRITICAL POC
9.8 Dec 01

RuoYi up to v4.6 was discovered to contain a SQL injection vulnerability via /system/dept/edit. Rated critical severity

CVE-2022-4566 CRITICAL POC
9.8 Dec 16

A vulnerability, which was classified as critical, has been found in y_project RuoYi 4.7.5. Rated critical severity (CVS

CVE-2025-70985 CRITICAL POC
9.1 Jan 23

RuoYi v4.8.2 has an access control flaw in the update function allowing unauthorized attackers to modify arbitrary data

CVE-2025-28409 HIGH POC
8.8 Apr 07

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the add method of the /add/{parentId} endp

CVE-2025-28407 HIGH POC
8.8 Apr 07

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the edit method of the /edit/{dictId} endp

CVE-2025-56396 HIGH POC
8.8 Nov 26

An issue was discovered in Ruoyi 4.8.1 allowing attackers to gain escalated privileges due to the owning department havi

CVE-2022-23868 HIGH POC
7.8 Mar 30

RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens .xlsx log file. Rated high s

Share

CVE-2024-6511 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy