CVE-2025-67341

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-67341

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67341.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-67341

Published

2025-12-12T16:15:45.150Z

Modified

2026-03-13T03:42:05.422270Z

Severity

4.6 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

jshERP versions 3.5 and earlier are affected by a stored XSS vulnerability. This vulnerability allows attackers to upload PDF files containing XSS payloads. Additionally, these PDF files can be accessed via static URLs, making them accessible to all users.

References

https://github.com/jishenghua/jshERP/issues/139

Affected packages

Git / github.com/jishenghua/jsherp

Affected ranges

Type

GIT

Repo

https://github.com/jishenghua/jsherp

Events

Introduced

Last affected

7ca0f9d68fef761d98b00854d09e975eba291465

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.5"
        }
    ]
}

Affected versions

v1.*

v1.0

v1.5

v2.*

v2.0

v2.1

v2.3

v2.3.1

v3.*

v3.0

v3.1

v3.2

v3.3

v3.5

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67341.json"