Lucene search
+L

34 matches found

Nuclei
Nuclei
added 18 hours ago17 views

Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting

Yonyou UFIDA ERP-NC V5.0 is vulnerable to reflected cross-site scripting XSS via the flag parameter in menu.jsp. Unsanitized user input is reflected in the response, allowing arbitrary JavaScript execution. id: CVE-2025-2710 info: name: Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting author:...

6.1CVSS4.7AI score0.00872EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-8013

Malicious code in bioql PyPI...

6.1CVSS4.8AI score0.00872EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-19039

Malicious code in bioql PyPI...

10CVSS6.6AI score0.00501EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-8030

Malicious code in bioql PyPI...

6.1CVSS4.8AI score0.0079EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-8022

Malicious code in bioql PyPI...

6.1CVSS4.8AI score0.00872EPSS
Exploits1References5
VulnCheck KEV
VulnCheck KEV
added 2025/07/31 12:0 a.m.11 views

VulnCheck KEV: CVE-2025-2712

A vulnerability was found in Yonyou UFIDA ERP-NC 5.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /help/top.jsp. The manipulation of the argument langcode leads to cross site scripting. The attack can be launched remotely. The exploi...

6.1CVSS3.8AI score0.0079EPSS
In wildExploits1References2
RedhatCVE
RedhatCVE
added 2025/06/26 3:12 a.m.9 views

CVE-2025-34039

A code injection vulnerability exists in Yonyou UFIDA NC v6.5 and prior due to the exposure of the BeanShell testing servlet bsh.servlet.BshServlet without proper access controls. The servlet allows unauthenticated remote attackers to execute arbitrary Java code via the bsh.script parameter. This...

10CVSS8.6AI score0.00501EPSS
Exploits0References1
NVD
NVD
added 2025/06/24 2:15 a.m.9 views

CVE-2025-34039

A code injection vulnerability exists in Yonyou UFIDA NC v6.5 and prior due to the exposure of the BeanShell testing servlet bsh.servlet.BshServlet without proper access controls. The servlet allows unauthenticated remote attackers to execute arbitrary Java code via the bsh.script parameter. This...

10CVSS0.00501EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/06/24 1:7 a.m.5 views

CVE-2025-34039 Yonyou NC BeanShell Command Injection

A code injection vulnerability exists in Yonyou UFIDA NC v6.5 and prior due to the exposure of the BeanShell testing servlet bsh.servlet.BshServlet without proper access controls. The servlet allows unauthenticated remote attackers to execute arbitrary Java code via the bsh.script parameter. This...

10CVSS8.2AI score0.00501EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/06/24 12:0 a.m.5 views

Yonyou UFIDA NC 安全漏洞

Yonyou UFIDA NC is a high-end management software from China's UFIDA Yonyou Corporation. A security vulnerability exists in Yonyou UFIDA NC v6.5 and prior versions, which originates from a code injection attack due to exposure of a BeanShell test servlet...

10CVSS7.2AI score0.00501EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/06/24 12:0 a.m.5 views

PT-2025-26670

Name of the Vulnerable Software and Affected Versions: Yonyou UFIDA NC versions 6.5 and prior Description: A code injection issue exists due to the exposure of the BeanShell testing servlet bsh.servlet.BshServlet without proper access controls, allowing unauthenticated remote attackers to execute...

10CVSS8.6AI score0.00501EPSS
Exploits0References9
VulnCheck KEV
VulnCheck KEV
added 2025/06/23 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-34039

A code injection vulnerability exists in Yonyou UFIDA NC v6.5 and prior due to the exposure of the BeanShell testing servlet bsh.servlet.BshServlet without proper access controls. The servlet allows unauthenticated remote attackers to execute arbitrary Java code via the bsh.script parameter. This...

10CVSS6.2AI score0.00501EPSS
In wildExploits0References87
CNVD
CNVD
added 2025/03/28 12:0 a.m.3 views

Yonyou UFIDA ERP-NC /help/top.jsp file cross-site scripting vulnerability

Yonyou UFIDA ERP-NC is a kind of Enterprise Resource Planning ERP software, which is mainly used for financial management, supply chain management, production management and customer relationship management of enterprises. Yonyou UFIDA ERP-NC suffers from a cross-site scripting vulnerability that...

6.1CVSS4.7AI score0.0079EPSS
Exploits1References1
CNVD
CNVD
added 2025/03/28 12:0 a.m.4 views

Yonyou UFIDA ERP-NC /menu.jsp file cross-site scripting vulnerability

Yonyou UFIDA ERP-NC is a kind of Enterprise Resource Planning ERP software, which is mainly used for financial management, supply chain management, production management and customer relationship management of enterprises. Yonyou UFIDA ERP-NC suffers from a cross-site scripting vulnerability that...

6.1CVSS4.7AI score0.00872EPSS
Exploits1References1
CNVD
CNVD
added 2025/03/28 12:0 a.m.7 views

Yonyou UFIDA ERP-NC /login.jsp file cross-site scripting vulnerability

Yonyou UFIDA ERP-NC is a kind of Enterprise Resource Planning ERP software, which is mainly used for financial management, supply chain management, production management and customer relationship management of enterprises. Yonyou UFIDA ERP-NC suffers from a cross-site scripting vulnerability that...

6.1CVSS4.7AI score0.00872EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/26 8:23 p.m.11 views

CVE-2025-2709

A vulnerability has been found in Yonyou UFIDA ERP-NC 5.0 and classified as problematic. This vulnerability affects unknown code of the file /login.jsp. The manipulation of the argument key/redirect leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclose...

6.1CVSS6.5AI score0.00872EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/24 9:31 p.m.6 views

CVE-2025-2712 Yonyou UFIDA ERP-NC top.jsp cross site scripting

A vulnerability was found in Yonyou UFIDA ERP-NC 5.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /help/top.jsp. The manipulation of the argument langcode leads to cross site scripting. The attack can be launched remotely. The exploi...

5.3CVSS6.2AI score0.0079EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/03/24 9:31 p.m.30 views

CVE-2025-2712 Yonyou UFIDA ERP-NC top.jsp cross site scripting

A vulnerability was found in Yonyou UFIDA ERP-NC 5.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /help/top.jsp. The manipulation of the argument langcode leads to cross site scripting. The attack can be launched remotely. The exploi...

5.3CVSS0.0079EPSS
Exploits1References3
CVE
CVE
added 2025/03/24 9:31 p.m.94 views

CVE-2025-2712

CVE-2025-2712 affects Yonyou UFIDA ERP-NC 5.0. The vulnerability is a reflected cross-site scripting (XSS) in the langcode parameter, impacting /help/top.jsp (and, per related templates, /help/systop.jsp). Root cause: unsanitized input reflected in the response, enabling arbitrary JavaScript exec...

6.1CVSS6.2AI score0.0079EPSS
In wildExploits1References3Affected Software1
OSV
OSV
added 2025/03/24 9:15 p.m.7 views

CVE-2025-2710

A vulnerability was found in Yonyou UFIDA ERP-NC 5.0 and classified as problematic. This issue affects some unknown processing of the file /menu.jsp. The manipulation of the argument flag leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the...

6.1CVSS3.6AI score0.00872EPSS
Exploits1References4
Rows per page
Query Builder