CVE-2022-4348

Опубликовано: 08 дек. 2022

Источник: nvd

CVSS3: 3.5

CVSS3: 6.1

EPSS Низкий

Описание

A vulnerability was found in y_project RuoYi-Cloud. It has been rated as problematic. Affected by this issue is some unknown functionality of the component JSON Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215108.

Ссылки

https://gitee.com/y_project/RuoYi-Cloud/issues/I5IRC8
Exploit
Issue Tracking
Third Party Advisory
https://vuldb.com/?id.215108
Third Party Advisory
https://gitee.com/y_project/RuoYi-Cloud/issues/I5IRC8
Exploit
Issue Tracking
Third Party Advisory
https://vuldb.com/?id.215108
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ruoyi:ruoyi-cloud:-:*:*:*:*:*:*:*

EPSS

Процентиль: 39%

0.00177

Низкий

3.5 Low

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-707

Связанные уязвимости

GHSA-vp22-232w-h9x8

CVSS3: 6.1

github

около 3 лет назад

RuoYi-Cloud Cross-site Scripting vulnerability

EPSS

Процентиль: 39%

0.00177

Низкий

3.5 Low

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-707