23 matches found
CVE-2022-26263
Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting XSS vulnerability via the component /u8sl/WebHelp...
CVE-2025-14185
A vulnerability was identified in Yonyou U8 Cloud 5.0/5.0sp/5.1/5.1sp. The affected element is an unknown function of the file nc/pubitf/erm/mobile/appservice/AppServletService.class. Such manipulation of the argument usercode leads to sql injection. The attack may be launched remotely. The explo...
EUVD-2025-201593
A vulnerability was identified in Yonyou U8 Cloud 5.0/5.0sp/5.1/5.1sp. The affected element is an unknown function of the file nc/pubitf/erm/mobile/appservice/AppServletService.class. Such manipulation of the argument usercode leads to sql injection. The attack may be launched remotely. The explo...
CVE-2025-14185
A vulnerability was identified in Yonyou U8 Cloud 5.0/5.0sp/5.1/5.1sp. The affected element is an unknown function of the file nc/pubitf/erm/mobile/appservice/AppServletService.class. Such manipulation of the argument usercode leads to sql injection. The attack may be launched remotely. The explo...
CVE-2025-14185
Yonyou U8 Cloud versions 5.0/5.0sp/5.1/5.1sp are affected by a SQL injection in an unknown function of nc/pubitf/erm/mobile/appservice/AppServletService.class. The vulnerability stems from manipulation of the usercode argument and can be exploited remotely. An exploit is publicly available; the v...
CVE-2025-14185 Yonyou U8 Cloud AppServletService.class sql injection
A vulnerability was identified in Yonyou U8 Cloud 5.0/5.0sp/5.1/5.1sp. The affected element is an unknown function of the file nc/pubitf/erm/mobile/appservice/AppServletService.class. Such manipulation of the argument usercode leads to sql injection. The attack may be launched remotely. The explo...
CVE-2025-14185 Yonyou U8 Cloud AppServletService.class sql injection
A vulnerability was identified in Yonyou U8 Cloud 5.0/5.0sp/5.1/5.1sp. The affected element is an unknown function of the file nc/pubitf/erm/mobile/appservice/AppServletService.class. Such manipulation of the argument usercode leads to sql injection. The attack may be launched remotely. The explo...
PT-2025-49396
A vulnerability was identified in Yonyou U8 Cloud 5.0/5.0sp/5.1/5.1sp. The affected element is an unknown function of the file nc/pubitf/erm/mobile/appservice/AppServletService.class. Such manipulation of the argument usercode leads to sql injection. The attack may be launched remotely. The explo...
CVE-2025-12344
A vulnerability has been found in Yonyou U8 Cloud up to 5.1sp. The impacted element is an unknown function of the file /service/NCloudGatewayServlet of the component Request Header Handler. Such manipulation of the argument ts/sign leads to unrestricted upload. The attack may be performed from...
CVE-2025-12344
A vulnerability has been found in Yonyou U8 Cloud up to 5.1sp. The impacted element is an unknown function of the file /service/NCloudGatewayServlet of the component Request Header Handler. Such manipulation of the argument ts/sign leads to unrestricted upload. The attack may be performed from...
CVE-2025-12344 Yonyou U8 Cloud Request Header NCloudGatewayServlet unrestricted upload
A vulnerability has been found in Yonyou U8 Cloud up to 5.1sp. The impacted element is an unknown function of the file /service/NCloudGatewayServlet of the component Request Header Handler. Such manipulation of the argument ts/sign leads to unrestricted upload. The attack may be performed from...
CVE-2025-12344 Yonyou U8 Cloud Request Header NCloudGatewayServlet unrestricted upload
A vulnerability has been found in Yonyou U8 Cloud up to 5.1sp. The impacted element is an unknown function of the file /service/NCloudGatewayServlet of the component Request Header Handler. Such manipulation of the argument ts/sign leads to unrestricted upload. The attack may be performed from...
CVE-2025-12344
Summary : CVE-2025-12344 affects Yonyou U8 Cloud up to 5.1sp. The vulnerability lies in an unknown function within /service/NCloudGatewayServlet (Request Header Handler) where manipulation of the ts/sign argument enables an unrestricted file upload. Exploitation can be performed remotely, and pub...
PT-2025-44082
Name of the Vulnerable Software and Affected Versions Yonyou U8 Cloud versions prior to 5.1sp Description A flaw exists in Yonyou U8 Cloud that allows for unrestricted file upload. This issue stems from manipulation of the ts/sign argument within a request header handled by an unknown function in...
Yonyou U8 Cloud 代码问题漏洞
Yonyou U8 Cloud is a cloud-based enterprise management system from China's UFIDA Yonyou Corporation. A code issue vulnerability exists in Yonyou U8 Cloud 5.1sp and earlier versions, which stems from incorrect manipulation of the parameter ts/sign in the file/service/NCloudGatewayServlet, which...
CVE-2022-26263
Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting XSS vulnerability via the component /u8sl/WebHelp...
CVE-2022-26263
Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting XSS vulnerability via the component /u8sl/WebHelp...
CVE-2022-26263
Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting XSS vulnerability via the component /u8sl/WebHelp...
Cross site scripting
Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting XSS vulnerability via the component /u8sl/WebHelp...
EUVD-2022-30825
Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting XSS vulnerability via the component /u8sl/WebHelp...