cpe:2.3:a:n/a:jsherp:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor: N/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78)
Product: Jsherp (8089109c-0460-5785-9a31-1fbb12320360)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2025-8840 vulnerable 2026-06-08 07:45:21.302218 jshERP Endpoint deleteBatch improper authorization
MEDIUM (5.4)
A vulnerability was determined in jshERP up to 3.5. Affected is an unknown function of the file /jshERP-boot/user/deleteBatch of the component Endpoint. The manipulation of the argument ids leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Different than CVE-2025-7947.
Published: 2025-08-11T09:32:05.802Z
Updated: 2025-08-11T12:49:40.283Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-8839 vulnerable 2026-06-08 07:45:21.300282 jshERP Endpoint addUser improper authorization
MEDIUM (6.3)
A vulnerability was found in jshERP up to 3.5. This issue affects some unknown processing of the file /jshERP-boot/user/addUser of the component Endpoint. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Published: 2025-08-11T09:02:08.591Z
Updated: 2025-08-11T12:51:21.325Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-7948 vulnerable 2026-06-08 07:45:18.549708 jshERP updatePwd password recovery
MEDIUM (4.3)
A vulnerability classified as problematic was found in jshERP up to 3.5. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/user/updatePwd. The manipulation leads to weak password recovery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Published: 2025-07-22T01:04:32.354Z
Updated: 2025-07-22T13:27:29.137Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-7947 vulnerable 2026-06-08 07:45:18.549055 jshERP Account delete improper authorization
MEDIUM (5.4)
A vulnerability classified as critical has been found in jshERP up to 3.5. Affected is an unknown function of the file /user/delete of the component Account Handler. The manipulation of the argument ID leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Published: 2025-07-22T00:32:05.102Z
Updated: 2025-07-22T13:27:57.463Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-7566 vulnerable 2026-06-08 07:45:17.676768 jshERP SystemConfigController.java exportExcelByParam path traversal
MEDIUM (4.7)
A vulnerability has been found in jshERP up to 3.5 and classified as critical. This vulnerability affects the function exportExcelByParam of the file /src/main/java/com/jsh/erp/controller/SystemConfigController.java. The manipulation of the argument Title leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2025-07-14T03:02:05.368Z
Updated: 2025-07-14T17:47:00.444Z
Imported from gcve-enriched-dumps CVE data
