96 matches found
Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting
Yonyou UFIDA ERP-NC V5.0 is vulnerable to reflected cross-site scripting (XSS) via the langcode parameter in /help/systop.jsp and /help/top.jsp. Unsanitized user input is reflected in the response, allowing arbitrary JavaScript execution. id: CVE-2025-2712 info: name: Yonyou UFIDA ERP-NC V5.0 -...
CVE-2026-2712
| creationtimestamp | type | source |
|---|---|---|
| 2026-04-10 02:13:23+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mj4aqqaerl25 |
| 2026-04-19 05:33:06+00:00 | seen | https://bsky.app/profile/atomicedge.bsky.social/post/3mjta45iojm2h... |
RHSA-2025:2712
| creationtimestamp | type | source |
|---|---|---|
| 2025-04-16 18:56:07+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/12130... |
CVE-2025-2712
A vulnerability was found in Yonyou UFIDA ERP-NC 5.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /help/top.jsp. The manipulation of the argument langcode leads to cross site scripting. The attack can be launched remotely. The exploi...
CVE-2025-2712 Yonyou UFIDA ERP-NC top.jsp cross site scripting
A vulnerability was found in Yonyou UFIDA ERP-NC 5.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /help/top.jsp. The manipulation of the argument langcode leads to cross site scripting. The attack can be launched remotely. The exploi...
CVE-2015-2712
| creationtimestamp | type | source |
|---|---|---|
| 2025-03-19 13:54:17+00:00 | seen | https://gist.github.com/makeforfun/85ab01bc29a9bdc9bd019a3e320a3f94... |
CVE-2024-2712
| creationtimestamp | type | source |
|---|---|---|
| 2025-02-21 22:10:25+00:00 | seen | Telegram/rMYG4Iq8lc6042kSIQz9n9uU8MDZM9wC5oXs1PWi8qx5qvI8... |
CVE-2024-2712 Campcodes Complete Online DJ Booking System user-search.php sql injection
A vulnerability, which was classified as critical, has been found in Campcodes Complete Online DJ Booking System 1.0. This issue affects some unknown processing of the file /admin/user-search.php. The manipulation of the argument searchdata leads to sql injection. The attack may be initiated...
CVE-2023-2712
Unrestricted Upload of File with Dangerous Type vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Command Injection, Using Malicious Files, Upload a Web Shell to a Web Server. This issue affects Rental Module: before 23.05.15...
CVE-2023-2712 Malicious File Upload vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform.
Unrestricted Upload of File with Dangerous Type vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Command Injection, Using Malicious Files, Upload a Web Shell to a Web Server. This issue affects Rental Module: before 23.05.15...
CVE-2023-2712
The CVE-2023-2712 issue affects Ideasoft’s E-commerce Platform Rental Module (pre-23.05.15). It is caused by Unrestricted Upload of File with Dangerous Type, enabling Command Injection via uploaded files and potentially a Web Shell on the web server. Documented impact includes high confidentialit...
CVE-2022-2712
| creationtimestamp | type | source |
|---|---|---|
| 2023-01-27 12:34:09+00:00 | seen | https://t.me/cibsecurity/57023... |
CVE-2022-2712
In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability in relative path traversal because it does not filter request path starting with './'. Successful exploitation could allow a remote unauthenticated attacker to access critical data, such as configuration files and deployed...
CVE-2022-2712
Vulnerability: CVE-2022-2712 affects Eclipse GlassFish 5.1.0–6.2.5. Root cause is a relative path traversal flaw that fails to filter request paths starting with './'. Impact stated: remote unauthenticated attacker could access critical data (e.g., configuration files and deployed application sou...
SUSE: Security Advisory (SUSE-SU-2020:2712-2)
The remote host is missing an update for the...
SUSE SLED15 / SLES15 Security Update : openldap2 (SUSE-SU-2020:2712-1)
This update for openldap2 fixes the following issues: CVE-2020-8027: openldap_update_modules_path.sh starts daemons unconditionally and uses fixed paths in /tmp (bsc#1175568). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory...
CVE-2020-2712
CVE-2020-2712 affects the Oracle Banking Payments component (Core) of Oracle Financial Services Applications. Affected supported versions are 14.1.0–14.3.0. The vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Banking Payments. The attack can res...
CVE-2019-2712
CVE-2019-2712 affects Oracle Commerce Platform (Dynamo Application Framework) with affected versions 11.2.0.3 and 11.3.1. Multiple sources describe a vulnerability that allows an unauthenticated attacker, with network access over HTTP, to compromise the Oracle Commerce Platform. The exploit requi...