Jsherp Security Vulnerabilities and Issues — Jsherp CVE List

Lucene search

JishenghuaJsherp

4 matches found

CVE•added 2025/08/11 10:15 a.m.•8 views

CVE-2025-8840

A vulnerability was determined in jshERP up to 3.5. Affected is an unknown function of the file /jshERP-boot/user/deleteBatch of the component Endpoint. The manipulation of the argument ids leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed...

5.5CVSS7.2AI score0.00054EPSS

Web

CVE•added 2025/08/21 2:15 p.m.•7 views

CVE-2025-55366

Incorrect access control in the component \controller\UserController.java of jshERP v3.5 allows attackers to arbitrarily reset user account passwords and execute a horizontal privilege escalation attack.

5.3CVSS7.6AI score0.00035EPSS

CVE•added 2025/08/21 2:15 p.m.•7 views

CVE-2025-55367

Incorrect access control in the component \controller\SupplierController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account.

5.3CVSS7.1AI score0.00035EPSS

CVE•added 2025/08/21 3:15 p.m.•7 views

CVE-2025-55371

Incorrect access control in the component /controller/PersonController.java of jshERP v3.5 allows unauthorized attackers to obtain all the information of the handler by executing the getAllList method.

5.3CVSS6.8AI score0.00035EPSS