CVE-2024-6511

LOW

y_project RuoYi <4.7.9 - XSS

Title source: llm

Description

A vulnerability classified as problematic was found in y_project RuoYi up to 4.7.9. Affected by this vulnerability is the function isJsonRequest of the component Content-Type Handler. The manipulation of the argument HttpHeaders.CONTENT_TYPE leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-270343.

Exploits (1)

gitee 47,892 stars
by y_project · javawriteup
https://gitee.com/y_project/RuoYi/issues/IA8O7O

References (3)

Scores

CVSS v3 3.5
EPSS 0.0063
EPSS Percentile 70.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
ruoyi/ruoyi < 4.7.9
Published Jul 04, 2024
Tracked Since Feb 18, 2026