CVE-2025-55366
CVE-2025-55366 affects jshERP v3.5; improper access control in the UserController.java component (controller\UserController.java) allows attackers to arbitrarily reset user passwords and perform horizontal privilege escalation. Affected software/version is jshERP 3.5; underlying cause is access c...