CVE-2024-42900

Severity CVSS v4.0:
Pending analysis
Type:
CWE-79 Cross-Site Scripting (XSS)
Publication date:
28/08/2024
Last modified:
14/05/2025

Description

Ruoyi v4.7.9 and before was discovered to contain a cross-site scripting (XSS) vulnerability via the sql parameter of the createTable() function at /tool/gen/create.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:ruoyi:ruoyi:*:*:*:*:*:*:*:* 4.7.9 (including)