PT-2023-26321 · Unknown · Y Project Ruoyi

Zh5507158 · Published 2023-07-21 · Updated 2024-05-17 · CVE-2023-3815

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

y project RuoYi versions up to 4.7.7

Description

A vulnerability has been found in the function uploadFilesPath of the component File Upload. The manipulation of the argument originalFilenames leads to cross site scripting. The attack may be launched remotely.

Recommendations

For y project RuoYi versions up to 4.7.7, consider disabling the uploadFilesPath function until a patch is available. Restrict access to the File Upload component to minimize the risk of exploitation. Avoid using the originalFilenames argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-3815
GHSA-P4WW-J4PR-QW6Q

Affected Products

Y Project Ruoyi