Yonyou UFIDA ERP-NC Cross-Site Scripting Vulnerability in menu.jsp

Vulnerability

A reflected cross-site scripting vulnerability has been identified in Yonyou UFIDA ERP-NC version 5.0. The issue is in the menu.jsp file, where the 'flag' parameter is not properly sanitized before being written to the response, allowing malicious JavaScript to be injected. The vulnerability can be exploited remotely and without authentication, but requires user interaction.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where injected scripts are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, send a request to the menu.jsp page with a crafted 'flag' parameter that includes JavaScript code, such as a script tag with an alert command. The injected script will be executed in the context of the victim's browser.
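
Added example, not part of the original advisory or vendor code: the Python code below scans web access logs for the request pattern described above, that is, a request to menu.jsp whose 'flag' parameter decodes to HTML metacharacters. The log lines, the /app/ path prefix, the IP addresses and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines; the /app/ prefix and IPs are placeholders.
SAMPLE_LOG = [
    '198.51.100.7 - - [09/Jun/2025:19:40:01 +0000] "GET /app/menu.jsp?flag=1 HTTP/1.1" 200 512',
    '198.51.100.9 - - [09/Jun/2025:19:41:13 +0000] '
    '"GET /app/menu.jsp?flag=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 540',
    '203.0.113.4 - - [09/Jun/2025:19:42:55 +0000] '
    '"GET /app/menu.jsp?flag=%253Cscript%253Ealert(1)%253C/script%253E HTTP/1.1" 200 538',
    '203.0.113.5 - - [09/Jun/2025:19:43:02 +0000] "GET /app/index.jsp?flag=%3Cb%3E HTTP/1.1" 200 100',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Characters that let a reflected value break out of text or attribute context.
HTML_META_RE = re.compile(r'[<>"\']')


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly (bounded) so nested encoding is normalized."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_flag_requests(lines):
    """Return (client_ip, decoded_flag) for menu.jsp requests with markup in 'flag'."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group("target"))
        if not url.path.lower().endswith("/menu.jsp"):
            continue
        # parse_qs performs the first round of decoding; fully_decode handles the rest.
        for raw in parse_qs(url.query, keep_blank_values=True).get("flag", []):
            value = fully_decode(raw)
            if HTML_META_RE.search(value):
                hits.append((line.split()[0], value))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_flag_requests(SAMPLE_LOG):
        print(f"{ip}\tflag={value!r}")
```

Only GET query strings are inspected here; a 'flag' value sent in a POST body does not appear in a standard access log and needs request-body logging or a WAF rule.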

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.7
exploitability: 7.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.