VYPR
p86o0 leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249136.","additionalType":"https://schema.org/SoftwareApplication","sameAs":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7133"]},"keywords":"CVE-2023-7133, Medium, y_project Ruoyi, y_project Ruoyi","mentions":[{"@type":"SoftwareApplication","name":"Ruoyi","applicationCategory":"SecurityApplication","publisher":{"@type":"Organization","name":"y_project"}},{"@type":"SoftwareApplication","name":"Ruoyi","applicationCategory":"SecurityApplication","publisher":{"@type":"Organization","name":"y_project"}}],"isAccessibleForFree":true},{"@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://portal.vyprsec.ai/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://portal.vyprsec.ai/cves"},{"@type":"ListItem","position":3,"name":"CVE-2023-7133","item":"https://portal.vyprsec.ai/cves/CVE-2023-7133"}]}]}
Medium severity4.3NVD Advisory· Published Dec 28, 2023· Updated Jun 17, 2026

CVE-2023-7133

CVE-2023-7133

Description

A vulnerability was found in y_project RuoYi 4.7.8. It has been declared as problematic. This vulnerability affects unknown code of the file /login of the component HTTP POST Request Handler. The manipulation of the argument rememberMe with the input falsen3f0mp86o0 leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249136.

Affected products

2
  • y_project/Ruoyillm-fuzzy2 versions
    =4.7.8+ 1 more
    • (no CPE)range: =4.7.8
    • (no CPE)range: 4.7.8

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.