CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2712 – Yonyou UFIDA ERP-NC top.jsp cross site scripting
https://notcve.org/view.php?id=CVE-2025-2712
24 Mar 2025 — A vulnerability was found in Yonyou UFIDA ERP-NC 5.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /help/top.jsp. The manipulation of the argument langcode leads to cross site scripting. The attack can be launched remotely. • https://github.com/Hebing123/cve/issues/86 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2711 – Yonyou UFIDA ERP-NC systop.jsp cross site scripting
https://notcve.org/view.php?id=CVE-2025-2711
24 Mar 2025 — A vulnerability was found in Yonyou UFIDA ERP-NC 5.0. It has been classified as problematic. Affected is an unknown function of the file /help/systop.jsp. The manipulation of the argument langcode leads to cross site scripting. It is possible to launch the attack remotely. • https://github.com/Hebing123/cve/issues/86 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2710 – Yonyou UFIDA ERP-NC menu.jsp cross site scripting
https://notcve.org/view.php?id=CVE-2025-2710
24 Mar 2025 — A vulnerability was found in Yonyou UFIDA ERP-NC 5.0 and classified as problematic. This issue affects some unknown processing of the file /menu.jsp. The manipulation of the argument flag leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Hebing123/cve/issues/85 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2709 – Yonyou UFIDA ERP-NC login.jsp cross site scripting
https://notcve.org/view.php?id=CVE-2025-2709
24 Mar 2025 — A vulnerability has been found in Yonyou UFIDA ERP-NC 5.0 and classified as problematic. This vulnerability affects unknown code of the file /login.jsp. The manipulation of the argument key/redirect leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Hebing123/cve/issues/84 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4748 – Yongyou UFIDA-NC PrintTemplateFileServlet.java path traversal
https://notcve.org/view.php?id=CVE-2023-4748
05 Sep 2023 — A vulnerability, which was classified as critical, has been found in Yongyou UFIDA-NC up to 20230807. This issue affects some unknown processing of the file PrintTemplateFileServlet.java. The manipulation of the argument filePath leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/houseoforange/mybugs/blob/main/Yongyou-UFIDA-NC-Arbitrary-File-Read.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •