CVE-2021-30171

Special characters of ERP POS news page are not filtered in users’ input, which allow remote authenticated attackers can inject malicious JavaScript and carry out stored XSS (Stored Cross-site scripting) attacks, additionally access and manipulate customer’s information.
References
Link Resource
https://www.twcert.org.tw/tw/cp-132-4707-9c87e-1.html Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:junhetec:enterprise_resource_planning_point_of_sale_system:2013.10:*:*:*:*:*:*:*

Information

Published : 2021-05-07 03:15

Updated : 2021-09-13 03:50


NVD link : CVE-2021-30171

Mitre link : CVE-2021-30171


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

junhetec

  • enterprise_resource_planning_point_of_sale_system