Lucene search
+L

23 matches found

redhatcve
redhatcve
added 2026/01/09 10:43 a.m.9 views

CVE-2022-26263

Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting XSS vulnerability via the component /u8sl/WebHelp...

6.1CVSS6.2AI score0.41454EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/12/08 5:14 a.m.9 views

CVE-2025-14185

A vulnerability was identified in Yonyou U8 Cloud 5.0/5.0sp/5.1/5.1sp. The affected element is an unknown function of the file nc/pubitf/erm/mobile/appservice/AppServletService.class. Such manipulation of the argument usercode leads to sql injection. The attack may be launched remotely. The explo...

6.5CVSS7AI score0.002EPSS
Exploits0References1
euvd
euvd
added 2025/12/07 6:30 a.m.7 views

EUVD-2025-201593

A vulnerability was identified in Yonyou U8 Cloud 5.0/5.0sp/5.1/5.1sp. The affected element is an unknown function of the file nc/pubitf/erm/mobile/appservice/AppServletService.class. Such manipulation of the argument usercode leads to sql injection. The attack may be launched remotely. The explo...

6.5CVSS6.4AI score0.002EPSS
Exploits0References5
nvd
nvd
added 2025/12/07 5:15 a.m.6 views

CVE-2025-14185

A vulnerability was identified in Yonyou U8 Cloud 5.0/5.0sp/5.1/5.1sp. The affected element is an unknown function of the file nc/pubitf/erm/mobile/appservice/AppServletService.class. Such manipulation of the argument usercode leads to sql injection. The attack may be launched remotely. The explo...

6.5CVSS0.002EPSS
Exploits0References4
cve
cve
added 2025/12/07 5:2 a.m.15 views

CVE-2025-14185

Yonyou U8 Cloud versions 5.0/5.0sp/5.1/5.1sp are affected by a SQL injection in an unknown function of nc/pubitf/erm/mobile/appservice/AppServletService.class. The vulnerability stems from manipulation of the usercode argument and can be exploited remotely. An exploit is publicly available; the v...

6.5CVSS6.4AI score0.002EPSS
Exploits0References4
cvelist
cvelist
added 2025/12/07 5:2 a.m.27 views

CVE-2025-14185 Yonyou U8 Cloud AppServletService.class sql injection

A vulnerability was identified in Yonyou U8 Cloud 5.0/5.0sp/5.1/5.1sp. The affected element is an unknown function of the file nc/pubitf/erm/mobile/appservice/AppServletService.class. Such manipulation of the argument usercode leads to sql injection. The attack may be launched remotely. The explo...

6.5CVSS0.002EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2025/12/07 5:2 a.m.6 views

CVE-2025-14185 Yonyou U8 Cloud AppServletService.class sql injection

A vulnerability was identified in Yonyou U8 Cloud 5.0/5.0sp/5.1/5.1sp. The affected element is an unknown function of the file nc/pubitf/erm/mobile/appservice/AppServletService.class. Such manipulation of the argument usercode leads to sql injection. The attack may be launched remotely. The explo...

6.5CVSS6.6AI score0.002EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2025/12/07 12:0 a.m.8 views

PT-2025-49396

A vulnerability was identified in Yonyou U8 Cloud 5.0/5.0sp/5.1/5.1sp. The affected element is an unknown function of the file nc/pubitf/erm/mobile/appservice/AppServletService.class. Such manipulation of the argument usercode leads to sql injection. The attack may be launched remotely. The explo...

6.5CVSS7.1AI score0.002EPSS
Exploits0References5
redhatcve
redhatcve
added 2025/10/29 2:16 a.m.16 views

CVE-2025-12344

A vulnerability has been found in Yonyou U8 Cloud up to 5.1sp. The impacted element is an unknown function of the file /service/NCloudGatewayServlet of the component Request Header Handler. Such manipulation of the argument ts/sign leads to unrestricted upload. The attack may be performed from...

6.5CVSS6.4AI score0.00234EPSS
Exploits0References1
nvd
nvd
added 2025/10/28 2:15 a.m.8 views

CVE-2025-12344

A vulnerability has been found in Yonyou U8 Cloud up to 5.1sp. The impacted element is an unknown function of the file /service/NCloudGatewayServlet of the component Request Header Handler. Such manipulation of the argument ts/sign leads to unrestricted upload. The attack may be performed from...

6.5CVSS0.00234EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2025/10/28 1:32 a.m.3 views

CVE-2025-12344 Yonyou U8 Cloud Request Header NCloudGatewayServlet unrestricted upload

A vulnerability has been found in Yonyou U8 Cloud up to 5.1sp. The impacted element is an unknown function of the file /service/NCloudGatewayServlet of the component Request Header Handler. Such manipulation of the argument ts/sign leads to unrestricted upload. The attack may be performed from...

6.5CVSS6.2AI score0.00234EPSS
Exploits0References4
cvelist
cvelist
added 2025/10/28 1:32 a.m.15 views

CVE-2025-12344 Yonyou U8 Cloud Request Header NCloudGatewayServlet unrestricted upload

A vulnerability has been found in Yonyou U8 Cloud up to 5.1sp. The impacted element is an unknown function of the file /service/NCloudGatewayServlet of the component Request Header Handler. Such manipulation of the argument ts/sign leads to unrestricted upload. The attack may be performed from...

6.5CVSS0.00234EPSS
Exploits0References4
cve
cve
added 2025/10/28 1:32 a.m.17 views

CVE-2025-12344

Summary : CVE-2025-12344 affects Yonyou U8 Cloud up to 5.1sp. The vulnerability lies in an unknown function within /service/NCloudGatewayServlet (Request Header Handler) where manipulation of the ts/sign argument enables an unrestricted file upload. Exploitation can be performed remotely, and pub...

6.5CVSS6.2AI score0.00234EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2025/10/28 12:0 a.m.13 views

PT-2025-44082

Name of the Vulnerable Software and Affected Versions Yonyou U8 Cloud versions prior to 5.1sp Description A flaw exists in Yonyou U8 Cloud that allows for unrestricted file upload. This issue stems from manipulation of the ts/sign argument within a request header handled by an unknown function in...

6.5CVSS6.3AI score0.00234EPSS
Exploits0References8
cnnvd
cnnvd
added 2025/10/28 12:0 a.m.9 views

Yonyou U8 Cloud 代码问题漏洞

Yonyou U8 Cloud is a cloud-based enterprise management system from China's UFIDA Yonyou Corporation. A code issue vulnerability exists in Yonyou U8 Cloud 5.1sp and earlier versions, which stems from incorrect manipulation of the parameter ts/sign in the file/service/NCloudGatewayServlet, which...

6.5CVSS6.5AI score0.00234EPSS
Exploits0References5
attackerkb
attackerkb
added 2022/03/25 5:15 p.m.5 views

CVE-2022-26263

Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting XSS vulnerability via the component /u8sl/WebHelp...

6.1CVSS5.8AI score0.41454EPSS
Exploits1References5
osv
osv
added 2022/03/25 5:15 p.m.8 views

CVE-2022-26263

Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting XSS vulnerability via the component /u8sl/WebHelp...

6.1CVSS6.3AI score0.41454EPSS
Exploits1References3
nvd
nvd
added 2022/03/25 5:15 p.m.17 views

CVE-2022-26263

Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting XSS vulnerability via the component /u8sl/WebHelp...

6.1CVSS0.41454EPSS
Exploits1References2
prion
prion
added 2022/03/25 5:15 p.m.22 views

Cross site scripting

Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting XSS vulnerability via the component /u8sl/WebHelp...

4.3CVSS6AI score0.41454EPSS
Exploits1References3Affected Software1
euvd
euvd
added 2022/03/25 4:45 p.m.8 views

EUVD-2022-30825

Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting XSS vulnerability via the component /u8sl/WebHelp...

6.1CVSS6AI score0.41454EPSS
Exploits1References3
Rows per page
Query Builder