Jishenghua

Jsherp

29 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.7

CVE-2026-11469

Exploit
  • EPSS 0.23%
  • Veröffentlicht 07.06.2026 23:45:07
  • Zuletzt bearbeitet 08.06.2026 14:57:14

A flaw has been found in jishenghua jshERP up to 3.6. Impacted is the function insertPlatformConfig of the file jshERP-boot/src/main/java/com/jsh/erp/service/PlatformConfigService.java of the component platformConfig Add Endpoint. Executing a manipul...

5.4

CVE-2026-11467

Exploit
  • EPSS 0.32%
  • Veröffentlicht 07.06.2026 23:15:10
  • Zuletzt bearbeitet 08.06.2026 14:57:14

A security vulnerability has been detected in jishenghua jshERP up to 3.6. This vulnerability affects the function addAccountHeadAndDetail of the file jshERP-boot/src/main/java/com/jsh/erp/service/AccountHeadService.java of the component addAccountHe...

4.7

CVE-2026-8320

Exploit
  • EPSS 0.22%
  • Veröffentlicht 11.05.2026 19:30:11
  • Zuletzt bearbeitet 12.05.2026 16:38:54

A security vulnerability has been detected in jishenghua jshERP up to 3.6. This affects the function getUserByWeixinCode of the file jshERP-boot/src/main/java/com/jsh/erp/service/UserService.java of the component updatePlatformConfigByKey Endpoint. S...

3.3

CVE-2026-1588

Exploit
  • EPSS 0.59%
  • Veröffentlicht 29.01.2026 13:32:06
  • Zuletzt bearbeitet 29.04.2026 01:00:01

A vulnerability was found in jishenghua jshERP up to 3.6. The impacted element is the function install of the file /jshERP-boot/plugin/installByPath of the component com.gitee.starblues.integration.operator.DefaultPluginOperator. The manipulation of ...

4.3

CVE-2026-1549

Exploit
  • EPSS 0.47%
  • Veröffentlicht 28.01.2026 23:02:07
  • Zuletzt bearbeitet 29.04.2026 01:00:01

A vulnerability was identified in jishenghua jshERP up to 3.6. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/plugin/uploadPluginConfigFile of the component PluginController. Such manipulation of the argument conf...

9.8

CVE-2026-1546

Exploit
  • EPSS 0.34%
  • Veröffentlicht 28.01.2026 22:02:06
  • Zuletzt bearbeitet 29.04.2026 01:00:01

A security vulnerability has been detected in jishenghua jshERP up to 3.6. The impacted element is the function getBillItemByParam of the file /jshERP-boot/depotItem/importItemExcel of the component com.jsh.erp.datasource.mappers.DepotItemMapperEx. T...

4.6

CVE-2025-67341

Exploit
  • EPSS 0.15%
  • Veröffentlicht 12.12.2025 16:15:45
  • Zuletzt bearbeitet 19.12.2025 20:15:13

jshERP versions 3.5 and earlier are affected by a stored XSS vulnerability. This vulnerability allows attackers to upload PDF files containing XSS payloads. Additionally, these PDF files can be accessed via static URLs, making them accessible to all ...

4.6

CVE-2025-67344

Exploit
  • EPSS 0.15%
  • Veröffentlicht 12.12.2025 00:00:00
  • Zuletzt bearbeitet 19.12.2025 20:15:34

jshERP v3.5 and earlier is affected by a stored Cross Site Scripting (XSS) vulnerability via the /msg/add endpoint.

9.8

CVE-2025-51746

  • EPSS 0.41%
  • Veröffentlicht 25.11.2025 00:00:00
  • Zuletzt bearbeitet 02.12.2025 14:45:35

An issue was discovered in jishenghua JSH_ERP 2.3.1. The /serialNumber/addSerialNumber endpoint is vulnerable to fastjson deserialization attacks.

9.8

CVE-2025-51745

  • EPSS 0.41%
  • Veröffentlicht 25.11.2025 00:00:00
  • Zuletzt bearbeitet 02.12.2025 14:56:09

An issue was discovered in jishenghua JSH_ERP 2.3.1. The /role/addcan endpoint is vulnerable to fastjson deserialization attacks.