Ruoyi · Ruoyi · CVE-2024-9048
**Name of the Vulnerable Software and Affected Versions**
RuoYi versions up to 4.7.9
**Description**
A vulnerability was found in the function `SysUserServiceImpl` of the component Backend User Import. The manipulation of the argument `loginName` leads to cross-site scripting. The attack can be launched remotely. The complexity of an attack is rather high, and the exploitation appears to be difficult.
**Recommendations**
For RuoYi versions up to 4.7.9, apply the patch named `9b68013b2af87b9c809c4637299abd929bc73510` to fix this issue. As a temporary workaround, validate user input for the `loginName` argument to reduce the risk of exploitation, and restrict access to the `SysUserServiceImpl` function until the patch is applied.
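
One way to apply the `loginName` validation workaround to imported rows is sketched below. This is an added example, not RuoYi code and not the content of the patch. The class and method names are hypothetical, and the allowlist (2 to 20 letters, digits, `_`, `.`, `-`) is an assumed policy; rejected values are HTML-encoded before being placed in any message that may be rendered.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

// Added example: hypothetical helper, not part of RuoYi.
public class LoginNameImportCheck {
    // Assumed policy: 2-20 characters from a fixed allowlist.
    private static final Pattern ALLOWED = Pattern.compile("[A-Za-z0-9_.-]{2,20}");

    /** True only when the whole value matches the allowlist. */
    static boolean isValidLoginName(String loginName) {
        return loginName != null && ALLOWED.matcher(loginName).matches();
    }

    /** HTML-encodes a value before it is echoed into a page or message. */
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    /** Returns accepted names; appends an encoded message per rejected row. */
    static List<String> filterImport(List<String> rows, List<String> rejected) {
        List<String> accepted = new ArrayList<>();
        for (String row : rows) {
            if (isValidLoginName(row)) {
                accepted.add(row);
            } else {
                rejected.add("Rejected login name: " + escapeHtml(String.valueOf(row)));
            }
        }
        return accepted;
    }

    public static void main(String[] args) {
        // Constructed sample rows: two valid, one with markup, one too short.
        List<String> rows = List.of("alice", "bob.smith", "<b>carol</b>", "x");
        List<String> rejected = new ArrayList<>();
        System.out.println(filterImport(rows, rejected)); // [alice, bob.smith]
        rejected.forEach(System.out::println);
    }
}
```

Input validation narrows what can be stored; output encoding at every place the value is rendered is still needed for rows that were imported before the check existed.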