Lucene search
K

322 matches found

Nuclei
Nuclei
added yesterday13 views

Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting

Yonyou UFIDA ERP-NC V5.0 is vulnerable to reflected cross-site scripting XSS via the flag parameter in menu.jsp. Unsanitized user input is reflected in the response, allowing arbitrary JavaScript execution. id: CVE-2025-2710 info: name: Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting author:...

6.1CVSS6.1AI score0.00872EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday14 views

Yonyou YonBIP - Path Traversal

Yonyou YonBIP v3 and before contains a path traversal caused by improper validation in the LoginWithV8 interface of the series data application service system, letting unauthorized attackers access sensitive information. id: CVE-2025-66744 info: name: Yonyou YonBIP - Path Traversal author:...

7.5CVSS7AI score0.01446EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday16 views

Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting

Yonyou UFIDA ERP-NC V5.0 is vulnerable to reflected cross-site scripting XSS via the langcode parameter in /help/systop.jsp and /help/top.jsp. Unsanitized user input is reflected in the response, allowing arbitrary JavaScript execution. id: CVE-2025-2711 info: name: Yonyou UFIDA ERP-NC V5.0 -...

6.1CVSS6.1AI score0.00872EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday13 views

Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting

Yonyou UFIDA ERP-NC V5.0 is vulnerable to reflected cross-site scripting XSS via the key and redirect parameters in login.jsp. Unsanitized user input is reflected in the response, allowing arbitrary JavaScript execution. id: CVE-2025-2709 info: name: Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scriptin...

6.1CVSS6.1AI score0.00872EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday11 views

Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting

Yonyou UFIDA ERP-NC V5.0 is vulnerable to reflected cross-site scripting XSS via the langcode parameter in /help/systop.jsp and /help/top.jsp. Unsanitized user input is reflected in the response, allowing arbitrary JavaScript execution. id: CVE-2025-2712 info: name: Yonyou UFIDA ERP-NC V5.0 -...

6.1CVSS6.1AI score0.0079EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday94 views

Yonyou U8 13.0 - Cross-Site Scripting

Yonyou U8 13.0 contains a DOM-based cross-site scripting vulnerability via the component /u8sl/WebHelp. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials...

6.1CVSS6.4AI score0.41454EPSS
Exploits1References5
NVD
NVD
added 2026/07/02 5:16 p.m.9 views

CVE-2022-50973

Yonyou KSOA 9.0 contains an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet that allows unauthenticated attackers to upload arbitrary files by submitting a POST request with attacker-controlled filepath and filename parameters without any...

9.8CVSS0.0086EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/02 5:4 p.m.36 views

CVE-2022-50973 Yonyou KSOA 9.0 Unauthenticated File Upload RCE via ImageUpload Servlet

Yonyou KSOA 9.0 contains an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet that allows unauthenticated attackers to upload arbitrary files by submitting a POST request with attacker-controlled filepath and filename parameters without any...

9.8CVSS0.0086EPSS
Exploits0References5
CVE
CVE
added 2026/07/02 5:4 p.m.19 views

CVE-2022-50973

Summary: CVE-2022-50973 affects Yonyou KSOA 9.0. The issue is an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet. Exploitation requires no authentication and relies on attacker-controlled filepath and filename parameters, with no validation of file t...

9.8CVSS6.2AI score0.0086EPSS
In wildExploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/02 5:4 p.m.11 views

CVE-2022-50973

Yonyou KSOA 9.0 contains an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet that allows unauthenticated attackers to upload arbitrary files by submitting a POST request with attacker-controlled filepath and filename parameters without any...

9.8CVSS6.2AI score0.0086EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.17 views

PT-2026-55262

Name of the Vulnerable Software and Affected Versions Yonyou KSOA version 9.0 Description An unauthenticated arbitrary file upload issue exists in the com.sksoft.bill.ImageUpload servlet. Unauthenticated attackers can upload arbitrary files by submitting a POST request to the endpoint without...

9.8CVSS6.4AI score0.0086EPSS
Exploits0References9
VulnCheck KEV
VulnCheck KEV
added 2026/03/30 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-66744

In Yonyou YonBIP v3 and before, the LoginWithV8 interface in the series data application service system is vulnerable to path traversal, allowing unauthorized access to sensitive information within the system...

7.5CVSS5.8AI score0.01446EPSS
In wildExploits0References2
RedhatCVE
RedhatCVE
added 2026/01/20 11:26 p.m.10 views

CVE-2026-1179

A vulnerability was detected in Yonyou KSOA 9.0. This affects an unknown part of the file /kmf/userpopedom.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument folderid results in sql injection. The attack can be launched remotely. The exploit is now public and may be...

9.8CVSS7.1AI score0.00359EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/20 10:23 p.m.8 views

CVE-2026-1177

A weakness has been identified in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /kmf/savefolder.jsp of the component HTTP GET Parameter Handler. Executing a manipulation of the argument folderid can lead to sql injection. It is possible to launch the atta...

9.8CVSS5.5AI score0.00359EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/20 10:23 p.m.7 views

CVE-2026-1178

A security vulnerability has been detected in Yonyou KSOA 9.0. Affected by this issue is some unknown functionality of the file /kmf/select.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument folderid leads to sql injection. The attack can be initiated remotely. The...

9.8CVSS7AI score0.00352EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/20 2:25 a.m.6 views

CVE-2026-1132

A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /kmf/editfolder.jsp of the component HTTP GET Parameter Handler. Performing a manipulation of the argument folderid results in sql injection. The attack can be initiated remotely. The exploit has...

9.8CVSS5.4AI score0.0051EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/20 2:25 a.m.7 views

CVE-2026-1133

A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /kmf/folder.jsp of the component HTTP GET Parameter Handler. Executing a manipulation of the argument folderid can lead to sql injection. The attack can be launched remotely. The exploit has...

9.8CVSS5.5AI score0.00493EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/20 1:22 a.m.7 views

CVE-2026-1131

A vulnerability has been found in Yonyou KSOA 9.0. Impacted is an unknown function of the file /kmc/savecatalog.jsp of the component HTTP GET Parameter Handler. Such manipulation of the argument catalogid leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

9.8CVSS5.5AI score0.0051EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/20 1:22 a.m.10 views

CVE-2026-1130

A flaw has been found in Yonyou KSOA 9.0. This issue affects some unknown processing of the file /worksheet/worksaddplan.jsp of the component HTTP GET Parameter Handler. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been...

9.8CVSS5.4AI score0.00493EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/20 12:30 a.m.7 views

EUVD-2026-3279

A weakness has been identified in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /kmf/savefolder.jsp of the component HTTP GET Parameter Handler. Executing a manipulation of the argument folderid can lead to sql injection. It is possible to launch the atta...

7.5CVSS5.5AI score0.00359EPSS
Exploits0References5
Rows per page
Query Builder