34 matches found
Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting
Yonyou UFIDA ERP-NC V5.0 is vulnerable to reflected cross-site scripting XSS via the flag parameter in menu.jsp. Unsanitized user input is reflected in the response, allowing arbitrary JavaScript execution. id: CVE-2025-2710 info: name: Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting author:...
EUVD-2025-8013
Malicious code in bioql PyPI...
EUVD-2025-19039
Malicious code in bioql PyPI...
EUVD-2025-8022
Malicious code in bioql PyPI...
EUVD-2025-8030
Malicious code in bioql PyPI...
VulnCheck KEV: CVE-2025-2712
A vulnerability was found in Yonyou UFIDA ERP-NC 5.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /help/top.jsp. The manipulation of the argument langcode leads to cross site scripting. The attack can be launched remotely. The exploi...
CVE-2025-34039
A code injection vulnerability exists in Yonyou UFIDA NC v6.5 and prior due to the exposure of the BeanShell testing servlet bsh.servlet.BshServlet without proper access controls. The servlet allows unauthenticated remote attackers to execute arbitrary Java code via the bsh.script parameter. This...
CVE-2025-34039
A code injection vulnerability exists in Yonyou UFIDA NC v6.5 and prior due to the exposure of the BeanShell testing servlet bsh.servlet.BshServlet without proper access controls. The servlet allows unauthenticated remote attackers to execute arbitrary Java code via the bsh.script parameter. This...
CVE-2025-34039 Yonyou NC BeanShell Command Injection
A code injection vulnerability exists in Yonyou UFIDA NC v6.5 and prior due to the exposure of the BeanShell testing servlet bsh.servlet.BshServlet without proper access controls. The servlet allows unauthenticated remote attackers to execute arbitrary Java code via the bsh.script parameter. This...
Yonyou UFIDA NC 安全漏洞
Yonyou UFIDA NC is a high-end management software from China's UFIDA Yonyou Corporation. A security vulnerability exists in Yonyou UFIDA NC v6.5 and prior versions, which originates from a code injection attack due to exposure of a BeanShell test servlet...
PT-2025-26670
Name of the Vulnerable Software and Affected Versions: Yonyou UFIDA NC versions 6.5 and prior Description: A code injection issue exists due to the exposure of the BeanShell testing servlet bsh.servlet.BshServlet without proper access controls, allowing unauthenticated remote attackers to execute...
VulnCheck KEV: CVE-2025-34039
A code injection vulnerability exists in Yonyou UFIDA NC v6.5 and prior due to the exposure of the BeanShell testing servlet bsh.servlet.BshServlet without proper access controls. The servlet allows unauthenticated remote attackers to execute arbitrary Java code via the bsh.script parameter. This...
Yonyou UFIDA ERP-NC /login.jsp file cross-site scripting vulnerability
Yonyou UFIDA ERP-NC is a kind of Enterprise Resource Planning ERP software, which is mainly used for financial management, supply chain management, production management and customer relationship management of enterprises. Yonyou UFIDA ERP-NC suffers from a cross-site scripting vulnerability that...
Yonyou UFIDA ERP-NC /help/top.jsp file cross-site scripting vulnerability
Yonyou UFIDA ERP-NC is a kind of Enterprise Resource Planning ERP software, which is mainly used for financial management, supply chain management, production management and customer relationship management of enterprises. Yonyou UFIDA ERP-NC suffers from a cross-site scripting vulnerability that...
Yonyou UFIDA ERP-NC /menu.jsp file cross-site scripting vulnerability
Yonyou UFIDA ERP-NC is a kind of Enterprise Resource Planning ERP software, which is mainly used for financial management, supply chain management, production management and customer relationship management of enterprises. Yonyou UFIDA ERP-NC suffers from a cross-site scripting vulnerability that...
CVE-2025-2709
A vulnerability has been found in Yonyou UFIDA ERP-NC 5.0 and classified as problematic. This vulnerability affects unknown code of the file /login.jsp. The manipulation of the argument key/redirect leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclose...
CVE-2025-2712 Yonyou UFIDA ERP-NC top.jsp cross site scripting
A vulnerability was found in Yonyou UFIDA ERP-NC 5.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /help/top.jsp. The manipulation of the argument langcode leads to cross site scripting. The attack can be launched remotely. The exploi...
CVE-2025-2712 Yonyou UFIDA ERP-NC top.jsp cross site scripting
A vulnerability was found in Yonyou UFIDA ERP-NC 5.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /help/top.jsp. The manipulation of the argument langcode leads to cross site scripting. The attack can be launched remotely. The exploi...
CVE-2025-2712
CVE-2025-2712 affects Yonyou UFIDA ERP-NC 5.0. The vulnerability is a reflected cross-site scripting (XSS) in the langcode parameter, impacting /help/top.jsp (and, per related templates, /help/systop.jsp). Root cause: unsanitized input reflected in the response, enabling arbitrary JavaScript exec...
CVE-2025-2710
A vulnerability was found in Yonyou UFIDA ERP-NC 5.0 and classified as problematic. This issue affects some unknown processing of the file /menu.jsp. The manipulation of the argument flag leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the...