Vulnerabilities > Ruoyi > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-21 | CVE-2024-9048 | Cross-site Scripting vulnerability in Ruoyi A vulnerability was found in y_project RuoYi up to 4.7.9. | 6.1 |
| 2024-07-19 | CVE-2024-41599 | Cross-site Scripting vulnerability in Ruoyi Cross Site Scripting vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the file upload method | 6.1 |
| 2023-12-28 | CVE-2023-7133 | Cross-site Scripting vulnerability in Ruoyi 4.7.8 A vulnerability was found in y_project RuoYi 4.7.8. | 6.1 |
| 2023-07-21 | CVE-2023-3815 | Cross-site Scripting vulnerability in Ruoyi A vulnerability, which was classified as problematic, has been found in y_project RuoYi up to 4.7.7. | 6.1 |
| 2022-12-08 | CVE-2022-4348 | Improper Enforcement of Message or Data Structure vulnerability in Ruoyi Ruoyi-Cloud A vulnerability was found in y_project RuoYi-Cloud. | 6.1 |
| 2022-03-30 | CVE-2022-23868 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Ruoyi 4.7.2 RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens .xlsx log file. | 6.8 |
| 2022-03-30 | CVE-2022-23869 | Incorrect Permission Assignment for Critical Resource vulnerability in Ruoyi 4.7.2 In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request. | 4.0 |