VYPR
Unrated severityOSV Advisory· Published Dec 12, 2025· Updated Dec 12, 2025

CVE-2025-67341

CVE-2025-67341

Description

jshERP versions 3.5 and earlier are affected by a stored XSS vulnerability. This vulnerability allows attackers to upload PDF files containing XSS payloads. Additionally, these PDF files can be accessed via static URLs, making them accessible to all users.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • jshERP/jshERPOSV2 versions
    v1.0, v1.5, v2.0, …+ 1 more
    • (no CPE)range: v1.0, v1.5, v2.0, …
    • (no CPE)range: <=3.5

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.