exploitDog

GHSA-4j9f-9f9c-hjq2

Опубликовано: 12 нояб. 2025

Источник: github

Github: Не прошло ревью

CVSS4: 5.1

CVSS3: 5.4

Описание

The a+HRD and a+HCM developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to upload files containing malicious JavaScript code, which will execute on the client side when a user is tricked into visiting a specific URL.

The a+HRD and a+HCM developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to upload files containing malicious JavaScript code, which will execute on the client side when a user is tricked into visiting a specific URL.

Ссылки

EPSS

Процентиль: 17%

0.00053

Низкий

5.1 Medium

CVSS4

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2025-12872

CVSS3: 5.4

nvd

3 месяца назад

The a+HRD and a+HCM developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to upload files containing malicious JavaScript code, which will execute on the client side when a user is tricked into visiting a specific URL.

EPSS

Процентиль: 17%

0.00053

Низкий

5.1 Medium

CVSS4

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79