CVE-2025-8847
BaseFortify
Publication date: 2025-08-11
Last updated on: 2026-04-29
Assigner: VulDB
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ruoyi | ruoyi | to 4.8.1 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8847 is a stored Cross-Site Scripting (XSS) vulnerability in the yangzongzhuan RuoYi application up to version 4.8.1. It occurs in the /system/notice/edit endpoint, specifically in the editSave method, where user inputs in the noticeTitle and noticeContent parameters are not properly sanitized before being stored in the backend database. This allows attackers to inject malicious JavaScript code that is persistently stored and later executed in the browsers of users who view the affected notices. The vulnerability is due to a misconfiguration that excludes the /system/notice routes from the application's XSS filtering mechanism, enabling attacker-controlled scripts to bypass security controls and execute remotely. [1, 2, 3]
How can this vulnerability impact me?
Exploitation of this vulnerability allows attackers to execute arbitrary JavaScript code in the browsers of users who access the affected functionality. This can lead to session hijacking, unauthorized actions performed on behalf of users, data theft, and delivery of malicious content. Since the malicious scripts are stored persistently, every user viewing the compromised notices is at risk. The attack can be launched remotely and requires some user interaction to trigger the payload. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the /system/notice/edit endpoint for stored XSS: submit a payload in the noticeTitle or noticeContent parameter and observe whether it executes when the stored notice is viewed. A simple detection method is to send a POST request with a script payload such as <script>alert('XSS')</script> in noticeContent and then access the page that displays the notice to see if the script executes. For example, using curl:

```
curl -X POST -d "noticeTitle=test&noticeContent=<script>alert('XSS')</script>" "http://<target>/system/notice/edit"
```

Then visit the notice display page in a browser and check for alert popups. This confirms the presence of the stored XSS vulnerability. [3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the /system/notice/edit endpoint to trusted users only; the endpoint requires permissions, but authorized users can still exploit it. Since the vulnerability arises from improper input sanitization and an XSS filter exclusion for /system/notice routes, a temporary fix is to remove or adjust that exclusion in the XssFilter configuration so that filtering applies to these routes. Additionally, avoid using the affected versions of yangzongzhuan RuoYi (up to 4.8.1) and consider upgrading or replacing the component once a patch is available. In the meantime, monitor and audit inputs to the noticeTitle and noticeContent parameters to detect malicious payloads. [2, 3]
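For the last mitigation step, auditing stored noticeTitle and noticeContent values, here is an added example (not code from RuoYi or from the referenced advisories) that parses each value as HTML and flags script-capable markup. The tag and attribute lists, the `(notice_id, title, content)` row layout and the sample rows are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Assumption: markup a plain notice never needs; tune for your rich-text editor.
ACTIVE_TAGS = {"script", "iframe", "object", "embed", "base", "meta", "link", "form"}
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href", "data"}
SCRIPT_SCHEMES = ("javascript:", "vbscript:", "data:text/html")

class ActiveMarkupFinder(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []
    def handle_starttag(self, tag, attrs):  # tag and attribute names arrive lowercased
        if tag in ACTIVE_TAGS:
            self.findings.append(f"tag <{tag}>")
        for name, value in attrs:
            # Browsers drop tabs/newlines inside a URL, so compare a compacted copy.
            compact = "".join(ch for ch in (value or "") if ch > " ").lower()
            if name.startswith("on"):
                self.findings.append(f"event handler {name}")
            elif name in URL_ATTRS and compact.startswith(SCRIPT_SCHEMES):
                self.findings.append(f"script URL in {name}")

def audit_notice(title, content):
    """Return findings for one stored notice; an empty list means nothing flagged."""
    findings = []
    for field, value in (("noticeTitle", title), ("noticeContent", content)):
        finder = ActiveMarkupFinder()
        finder.feed(value or "")
        finder.close()
        findings += [f"{field}: {hit}" for hit in finder.findings]
    return findings

def audit_rows(rows):
    """rows: (notice_id, title, content) tuples. Returns {notice_id: findings}."""
    report = {nid: audit_notice(title, content) for nid, title, content in rows}
    return {nid: hits for nid, hits in report.items() if hits}

# Constructed sample rows; row 2 reuses the test string quoted on this page.
SAMPLE_NOTICES = [
    (1, "Maintenance window", "<p>Service restarts at <b>22:00</b>.</p>"),
    (2, "test", "<script>alert('XSS')</script>"),
    (3, "Update", '<img src="logo.png" onerror="alert(1)">'),
    (4, "Policy", '<a href="javascript:alert(1)">read</a>'),
]

if __name__ == "__main__":
    for notice_id, hits in audit_rows(SAMPLE_NOTICES).items():
        print(notice_id, hits)
```

A flagged row is a lead for manual review, not proof of compromise; legitimate rich-text notices may need entries removed from the tag list.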