Ufida Nc
by Yonyou
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-34039 | Cri | 0.65 | — | 0.01 | Jun 24, 2025 | A code injection vulnerability exists in Yonyou UFIDA NC v6.5 and prior due to the exposure of the BeanShell testing servlet (bsh.servlet.BshServlet) without proper access controls. The servlet allows unauthenticated remote attackers to execute arbitrary Java code via the… | ||
| CVE-2025-2712 | 0.00 | — | 0.00 | Mar 24, 2025 | A vulnerability was found in Yonyou UFIDA ERP-NC 5.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /help/top.jsp. The manipulation of the argument langcode leads to cross site scripting. The attack can be launched… | |||
| CVE-2025-2711 | 0.00 | — | 0.00 | Mar 24, 2025 | A vulnerability was found in Yonyou UFIDA ERP-NC 5.0. It has been classified as problematic. Affected is an unknown function of the file /help/systop.jsp. The manipulation of the argument langcode leads to cross site scripting. It is possible to launch the attack remotely. The… | |||
| CVE-2025-2710 | 0.00 | — | 0.00 | Mar 24, 2025 | A vulnerability was found in Yonyou UFIDA ERP-NC 5.0 and classified as problematic. This issue affects some unknown processing of the file /menu.jsp. The manipulation of the argument flag leads to cross site scripting. The attack may be initiated remotely. The exploit has been… | |||
| CVE-2025-2709 | 0.00 | — | 0.00 | Mar 24, 2025 | A vulnerability has been found in Yonyou UFIDA ERP-NC 5.0 and classified as problematic. This vulnerability affects unknown code of the file /login.jsp. The manipulation of the argument key/redirect leads to cross site scripting. The attack can be initiated remotely. The exploit… | |||
| CVE-2023-4748 | 0.00 | — | 0.00 | Sep 5, 2023 | A vulnerability, which was classified as critical, has been found in Yongyou UFIDA-NC up to 20230807. This issue affects some unknown processing of the file PrintTemplateFileServlet.java. The manipulation of the argument filePath leads to path traversal. The attack may be… |
- risk 0.65cvss —epss 0.01
A code injection vulnerability exists in Yonyou UFIDA NC v6.5 and prior due to the exposure of the BeanShell testing servlet (bsh.servlet.BshServlet) without proper access controls. The servlet allows unauthenticated remote attackers to execute arbitrary Java code via the…
- CVE-2025-2712Mar 24, 2025risk 0.00cvss —epss 0.00
A vulnerability was found in Yonyou UFIDA ERP-NC 5.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /help/top.jsp. The manipulation of the argument langcode leads to cross site scripting. The attack can be launched…
- CVE-2025-2711Mar 24, 2025risk 0.00cvss —epss 0.00
A vulnerability was found in Yonyou UFIDA ERP-NC 5.0. It has been classified as problematic. Affected is an unknown function of the file /help/systop.jsp. The manipulation of the argument langcode leads to cross site scripting. It is possible to launch the attack remotely. The…
- CVE-2025-2710Mar 24, 2025risk 0.00cvss —epss 0.00
A vulnerability was found in Yonyou UFIDA ERP-NC 5.0 and classified as problematic. This issue affects some unknown processing of the file /menu.jsp. The manipulation of the argument flag leads to cross site scripting. The attack may be initiated remotely. The exploit has been…
- CVE-2025-2709Mar 24, 2025risk 0.00cvss —epss 0.00
A vulnerability has been found in Yonyou UFIDA ERP-NC 5.0 and classified as problematic. This vulnerability affects unknown code of the file /login.jsp. The manipulation of the argument key/redirect leads to cross site scripting. The attack can be initiated remotely. The exploit…
- CVE-2023-4748Sep 5, 2023risk 0.00cvss —epss 0.00
A vulnerability, which was classified as critical, has been found in Yongyou UFIDA-NC up to 20230807. This issue affects some unknown processing of the file PrintTemplateFileServlet.java. The manipulation of the argument filePath leads to path traversal. The attack may be…