CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

24 Mar 2025 — A vulnerability was found in Yonyou UFIDA ERP-NC 5.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /help/top.jsp. The manipulation of the argument langcode leads to cross-site scripting. The attack can be launched remotely. • https://github.com/Hebing123/cve/issues/86 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

24 Mar 2025 — A vulnerability was found in Yonyou UFIDA ERP-NC 5.0. It has been classified as problematic. Affected is an unknown function of the file /help/systop.jsp. The manipulation of the argument langcode leads to cross-site scripting. It is possible to launch the attack remotely. • https://github.com/Hebing123/cve/issues/86 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

24 Mar 2025 — A vulnerability was found in Yonyou UFIDA ERP-NC 5.0 and classified as problematic. This issue affects some unknown processing of the file /menu.jsp. The manipulation of the argument flag leads to cross-site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Hebing123/cve/issues/85 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

24 Mar 2025 — A vulnerability has been found in Yonyou UFIDA ERP-NC 5.0 and classified as problematic. This vulnerability affects unknown code of the file /login.jsp. The manipulation of the argument key/redirect leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Hebing123/cve/issues/84 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 10.0 • EPSS: 1% • CPEs: 1 • EXPL: 0

20 Jan 2024 — An issue in yonyou YonBIP v3_23.05 allows a remote attacker to execute arbitrary code via a crafted script to the ServiceDispatcherServlet uap.framework.rc.itf.IResourceManager component. • http://yonbip.com

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Jan 2024 — An arbitrary file upload vulnerability in the uap.framework.rc.itf.IResourceManager interface of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file. • http://yonbip.com • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Jan 2024 — An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file. • http://yonbip.com • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Jan 2024 — YonBIP v3_23.05 was discovered to contain an arbitrary file read vulnerability via the nc.bs.framework.comn.serv.CommonServletDispatcher component. • http://yonbip.com

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Jan 2024 — YonBIP v3_23.05 was discovered to contain a SQL injection vulnerability via the com.yonyou.hrcloud.attend.web.AttendScriptController.runScript() method. • http://yonbip.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Jan 2024 — An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file. • http://yonbip.com • CWE-434: Unrestricted Upload of File with Dangerous Type