CVE-2024-42900

Name of the Vulnerable Software and Affected Versions Ruoyi versions 4.7.9 and earlier

Description A cross-site scripting (XSS) issue was discovered in Ruoyi via the sql parameter of the createTable() function at "/tool/gen/create". This allows for potential exploitation.

Recommendations For versions 4.7.9 and earlier, as a temporary workaround, consider disabling the createTable() function until a patch is available. Restrict access to the "/tool/gen/create" endpoint to minimize the risk of exploitation. Avoid using the sql parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.