VYPR
Unrated severityOSV Advisory· Published Dec 12, 2025· Updated Dec 12, 2025

CVE-2025-67344

CVE-2025-67344

Description

jshERP v3.5 and earlier is affected by a stored Cross Site Scripting (XSS) vulnerability via the /msg/add endpoint.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • jshERP/jshERPOSV2 versions
    v1.0, v1.5, v2.0, …+ 1 more
    • (no CPE)range: v1.0, v1.5, v2.0, …
    • (no CPE)range: <=3.5

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.

CVE-2025-67344 · VYPR