CVE-2025-67341

Published: Dec 12, 2025Modified: Dec 19, 2025

4.6

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Exploitability: 2.1 / Impact: 2.5

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

jshERP versions 3.5 and earlier are affected by a stored XSS vulnerability. This vulnerability allows attackers to upload PDF files containing XSS payloads. Additionally, these PDF files can be accessed via static URLs, making them accessible to all users.

Affected (1)

Products: Jishenghua: Jsherp

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jishenghua Jsherp	Up to 3.5

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (1)

https://github.com/jishenghua/jshERP/issues/139

Source: cve@mitre.org

ExploitIssue TrackingVendor Advisory

Timeline

No history available yet.