diff --git a/bonus-framework/src/main/java/com/bonus/framework/interceptor/XssRequestWrapper.java b/bonus-framework/src/main/java/com/bonus/framework/interceptor/XssRequestWrapper.java
index 8b0432d..61c6083 100644
--- a/bonus-framework/src/main/java/com/bonus/framework/interceptor/XssRequestWrapper.java
+++ b/bonus-framework/src/main/java/com/bonus/framework/interceptor/XssRequestWrapper.java
@@ -44,6 +44,7 @@ public class XssRequestWrapper extends HttpServletRequestWrapper {
     static {
         // 初始化忽略校验的URL路径
         IGNORE_SPECIAL_CHARS_URLS.add("/smartArchives/system/user/resetPwd");
+        IGNORE_SPECIAL_CHARS_URLS.add("/smartArchives/system/user/profile/updatePwd");
         // 可以根据需要添加更多修改密码的URL
 
         // 初始化需要忽略的特殊字符模式