CNNVD-202509-3225 Information

CNNVD ID

CNNVD-202509-3225

CVE-2025-57204

  • CNNVD Published: 2025-09-22

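Description (translated from Chinese)

ui-lib Stocky is a human resources management system from ui-lib, a company based in Bangladesh. ui-lib Stocky version 5.0 contains a security vulnerability caused by insufficient sanitization and escaping of the product name parameter, which may lead to stored cross-site scripting attacks.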

Description (English)

ui-lib Stocky is a human resources management system from ui-lib, a company in Bangladesh. ui-lib Stocky version 5.0 contains a security vulnerability that stems from inadequate sanitization and escaping of the product name parameter and may result in stored cross-site scripting (XSS) attacks.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

ui-lib

Published

2025-09-22

Last Modified

2026-02-24

References

  • https://grumpz.net/cve-2025-57204-stored-xss-in-stocky-pos-with-inventory-management-and-hrm-ui-lib-50
  • https://codecanyon.net/item/stockyultimate-inventory-management-system-with-pos/31445124
  • https://access.redhat.com/security/cve/cve-2025-57204
