Vulnerabilities > Ruoyi > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-21 | CVE-2024-9048 | Cross-site Scripting vulnerability in Ruoyi A vulnerability was found in y_project RuoYi up to 4.7.9. | 6.1 |
| 2024-07-19 | CVE-2024-41599 | Cross-site Scripting vulnerability in Ruoyi Cross Site Scripting vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the file upload method | 6.1 |
| 2023-12-28 | CVE-2023-7133 | Unspecified vulnerability in Ruoyi 4.7.8 A vulnerability was found in y_project RuoYi 4.7.8. | 6.1 |
| 2023-07-21 | CVE-2023-3815 | Unspecified vulnerability in Ruoyi A vulnerability, which was classified as problematic, has been found in y_project RuoYi up to 4.7.7. | 6.1 |
| 2022-12-08 | CVE-2022-4348 | Unspecified vulnerability in Ruoyi Ruoyi-Cloud A vulnerability was found in y_project RuoYi-Cloud. | 6.1 |
| 2022-07-13 | CVE-2022-32065 | Cross-site Scripting vulnerability in Ruoyi An arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary code via a crafted HTML file. | 5.4 |
| 2022-03-30 | CVE-2022-23869 | Incorrect Permission Assignment for Critical Resource vulnerability in Ruoyi 4.7.2 In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request. | 6.5 |