CVE-2023-7133

Name of the Vulnerable Software and Affected Versions y project RuoYi version 4.7.8

Description A vulnerability was found in the HTTP POST Request Handler component, specifically affecting the /login file. The issue arises from the manipulation of the rememberMe argument with malicious input, leading to cross-site scripting. The attack can be initiated remotely.

Recommendations For y project RuoYi version 4.7.8, as a temporary workaround, consider restricting access to the /login endpoint or disabling the rememberMe argument until a patch is available. Avoid using the rememberMe argument in the affected HTTP POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.