CVE-2025-7901

MEDIUM NUCLEI

yangzongzhuan RuoYi <4.8.1 - XSS

Title source: llm

Description

A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been rated as problematic. This issue affects some unknown processing of the file /swagger-ui/index.html of the component Swagger UI. The manipulation of the argument configUrl leads to cross site scripting. The attack may be initiated remotely.

Nuclei Templates (1)

yangzongzhuan RuoYi - DOM Based XSS

MEDIUMVERIFIEDby Nikhil Patidar

Shodan: html:"RuoYi"

References (4)

[Exploit, Issue Tracking, Vendor Advisory] https://github.com/yangzongzhuan/RuoYi/issues/293

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.317015

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.317015

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.618353

Scores

CVSS v3 4.3

EPSS 0.0012

EPSS Percentile 30.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Details

CWE

CWE-94 CWE-79

Status published

Products (1)

ruoyi/ruoyi < 4.8.1

Published Jul 20, 2025

Tracked Since Feb 18, 2026