CVE-2025-67341

jshERP versions 3.5 and earlier are affected by a stored XSS vulnerability. This vulnerability allows attackers to upload PDF files containing XSS payloads. Additionally, these PDF files can be accessed via static URLs, making them accessible to all users...

CVE-2025-67341

jshERP versions 3.5 and earlier are affected by a stored XSS vulnerability. This vulnerability allows attackers to upload PDF files containing XSS payloads. Additionally, these PDF files can be accessed via static URLs, making them accessible to all users...

CVE-2025-67341

CVE-2025-67341 affects jshERP 3.5 and earlier, with a stored XSS in uploaded PDF files that can be accessed via static URLs by any user. The issue’s root cause is a stored XSS vulnerability in PDF upload handling, leading to potential script execution within users’ contexts. Severity is CVSS v3.1...

Piwigo Cross-Site Request Forgery Vulnerability (CNVD-2017-13852)

Piwigo is a web-based photo album software from the Piwigo team. The software supports photo publishing, management, multiple browsing options categories, tags, time and more. A cross-site request forgery vulnerability exists in Piwigo 2.9.1 and earlier versions. A remote attacker can exploit thi...

MantisBT Cross-Site Request Forgery Vulnerability

MantisBT is a Web-based open source defect tracking system of the MantisBT team . The system provides project management and defect tracking services in the form of Web operations. A cross-site request forgery vulnerability exists in MantisBT versions prior to 2.4.1, which stems from a missing...