CVE-2024-9048

CVSS 3.1 Score 3.1 of 10 (low)

Details

Published Sep 21, 2024
Updated: Sep 26, 2024
CWE ID 79

Summary

CVE-2024-9048 is a vulnerability in the y_project RuoYi framework, affecting versions up to 4.7.9, in which improper input handling in the SysUserServiceImpl function can lead to cross-site scripting (XSS). It can be exploited remotely, but exploitation requires user interaction and has high attack complexity; its overall severity is rated low, with a CVSS score of 3.1. Affected products include various components of the RuoYi framework, which must be patched with commit ID 9b68013b2af87b9c809c4637299abd929bc73510 to remediate the issue. Organizations using these products may face integrity impacts from XSS attacks if the vulnerability is not addressed promptly. The vulnerability has been disclosed publicly, which may increase the likelihood of exploitation attempts.
