CVE-2025-67344

Medium CVSS: 4.6

jshERP v3.5 and earlier is affected by a stored Cross Site Scripting (XSS) vulnerability via the /msg/add endpoint.

Vendor

Product

CWE

Yayın Tarihi

2025-12-12 16:15:45

Güncelleme

2025-12-19 20:15:34

Source Identifier

cve@mitre.org

KEV Date Added

CWE-79 Jsherp MEDIUM Jishenghua 2025

https://github.com/jishenghua/jshERP/issues/140

Medium

CVE-2026-1588

A vulnerability was found in jishenghua jshERP up to 3.6. The impacted element is the function install of the file /jshE…

Medium

CVE-2026-1549

A vulnerability was identified in jishenghua jshERP up to 3.6. Affected by this vulnerability is an unknown functionalit…

Medium

CVE-2026-1546

A security vulnerability has been detected in jishenghua jshERP up to 3.6. The impacted element is the function getBillI…

Medium

CVE-2025-67341

jshERP versions 3.5 and earlier are affected by a stored XSS vulnerability. This vulnerability allows attackers to uploa…

Critical

CVE-2025-51744

An issue was discovered in jishenghua JSH_ERP 2.3.1. The /user/addUser endpoint is vulnerable to fastjson deserializatio…

Critical

CVE-2025-51745

An issue was discovered in jishenghua JSH_ERP 2.3.1. The /role/addcan endpoint is vulnerable to fastjson deserialization…