2 matches found
CVE-2021-30171
Special characters of ERP POS news page are not filtered in users’ input, which allow remote authenticated attackers can inject malicious JavaScript and carry out stored XSS Stored Cross-site scripting attacks, additionally access and manipulate customer’s information...
CVE-2021-30171
CVE-2021-30171 affects Jun-He Technology / Junghwa ERP POS: special characters on the ERP POS news page are not filtered, allowing remote authenticated attackers to inject JavaScript and perform stored XSS, with potential access to and manipulation of customer information. Root cause: unfiltered ...