CVE-2025-12872

🗓️ 12 Nov 2025 07:47:11Reported by twcertType

CVE-2025-12872 Stored XSS in aEnrich aHRD and aHCM allows authenticated attackers to upload JavaScript that runs on visit.

Reporter	Title	Published	Views	Family All 7
CNNVD	aEnrich a+HRD和aEnrich a+HCM 跨站脚本漏洞	12 Nov 202500:00	–	cnnvd
Cvelist	CVE-2025-12872 aEnrich｜eHRD - Stored Cross-Site Scripting	12 Nov 202507:47	–	cvelist
EUVD	EUVD-2025-119988	12 Nov 202507:47	–	euvd
NVD	CVE-2025-12872	12 Nov 202508:15	–	nvd
Positive Technologies	PT-2025-46574	12 Nov 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-12872	13 Nov 202509:08	–	redhatcve
Vulnrichment	CVE-2025-12872 aEnrich｜eHRD - Stored Cross-Site Scripting	12 Nov 202507:47	–	vulnrichment

Vulners

Node

aenrich a+hrdRange≤7.5

aenrich a+hcmRange≤8.1

[
  {
    "defaultStatus": "unaffected",
    "product": "a+HRD",
    "vendor": "aEnrich",
    "versions": [
      {
        "lessThanOrEqual": "7.5",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "a+HCM",
    "vendor": "aEnrich",
    "versions": [
      {
        "status": "affected",
        "version": "8.1",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
twcert	www.twcert.org.tw/en/cp-139-10487-12a32-2.html
twcert	www.twcert.org.tw/tw/cp-132-10486-a3459-1.html

15 Apr 2026 00:35Current

5.7Medium risk

Vulners AI Score5.7

CVSS 45.1

CVSS 3.15.4

EPSS0.00032

SSVC

CWE-79