Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-7901 PoC — yangzongzhuan RuoYi Swagger UI index.html cross site scripting

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/headless/cves/2025/CVE-2025-7901.yaml
Associated Vulnerability
Title:yangzongzhuan RuoYi Swagger UI index.html cross site scripting (CVE-2025-7901)
Description:A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been rated as problematic. This issue affects some unknown processing of the file /swagger-ui/index.html of the component Swagger UI. The manipulation of the argument configUrl leads to cross site scripting. The attack may be initiated remotely.
Description
yangzongzhuan RuoYi = 4.8.1 contains a stored XSS caused by manipulation of the \"configUrl\" argument in /swagger-ui/index.html of Swagger UI, letting remote attackers execute scripts, exploit requires crafted request.
File Snapshot

 id: CVE-2025-7901

info:
  name: yangzongzhuan RuoYi - DOM Based XSS
  author: Nikhil Patidar
  seve

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →