CVE-2025-60801

High CVSS: 8.2

jshERP up to commit fbda24da was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the jsh_erp function.

Vendor

Product

CWE

Yayın Tarihi

2025-10-24 16:26:09

Güncelleme

2025-11-05 21:06:25

Source Identifier

cve@mitre.org

KEV Date Added

CWE-77 Jsherp HIGH Jishenghua 2025

Medium

CVE-2026-1588

A vulnerability was found in jishenghua jshERP up to 3.6. The impacted element is the function install of the file /jshE…

Medium

CVE-2026-1549

A vulnerability was identified in jishenghua jshERP up to 3.6. Affected by this vulnerability is an unknown functionalit…

Medium

CVE-2026-1546

A security vulnerability has been detected in jishenghua jshERP up to 3.6. The impacted element is the function getBillI…

Medium

CVE-2025-67341

jshERP versions 3.5 and earlier are affected by a stored XSS vulnerability. This vulnerability allows attackers to uploa…

Medium

CVE-2025-67344

jshERP v3.5 and earlier is affected by a stored Cross Site Scripting (XSS) vulnerability via the /msg/add endpoint.

Critical

CVE-2025-51744

An issue was discovered in jishenghua JSH_ERP 2.3.1. The /user/addUser endpoint is vulnerable to fastjson deserializatio…