p86o0 leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249136.","articleSection":"Information Security","identifier":"CVE-2023-7133","datePublished":"2023-12-28T18:15:45.853","dateModified":"2024-11-21T08:45:20.377","author":{"@type":"Organization","name":"NIST National Vulnerability Database","url":"https://nvd.nist.gov/"},"publisher":{"@type":"Organization","name":"CVEDatabase.com","logo":{"@type":"ImageObject","url":"https://cvedatabase.com/logo.png"}},"mainEntityOfPage":{"@type":"WebPage","@id":"https://cvedatabase.com/cve/CVE-2023-7133"},"about":{"@type":"Thing","name":"MEDIUM","description":"CVSS Score: 4.3"}}
HomeRuoyiCVE-2023-7133

CVE-2023-7133

MEDIUM
4.3CVSS
Published: 2023-12-28
Updated: 2024-11-21
AI Analysis

Description

A vulnerability was found in y_project RuoYi 4.7.8. It has been declared as problematic. This vulnerability affects unknown code of the file /login of the component HTTP POST Request Handler. The manipulation of the argument rememberMe with the input falsen3f0m<script>alert(1)</script>p86o0 leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249136.

CVSS Metrics

Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Attack Vector
network
Complexity
low
Privileges
none
User Action
required
Scope
unchanged
Confidentiality
none
Integrity
low
Availability
none
Weaknesses
CWE-79

Metadata

Primary Vendor
RUOYI
Published
12/28/2023
Last Modified
11/21/2024
Source
NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

ruoyi : ruoyi

AI-Powered Remediation

Generate remediation guidance or a C-suite brief for this vulnerability.

Executive Intelligence Brief

View on NIST NVD
CVE-CVE-2023-7133 | MEDIUM Severity | CVEDatabase.com | CVEDatabase.com