CNNVD-202511-1511 Information
CNNVD ID
CNNVD-202511-1511
Related CVE
- CNNVD Published: 2025-11-12
Description (Chinese)
aEnrich a+HRD和aEnrich a+HCM都是中国育碁(aEnrich)公司的产品。aEnrich a+HRD是一个全方位人力资源开发化解决方案。aEnrich a+HCM是一个人力资本管理系统。 aEnrich a+HRD和aEnrich a+HCM存在跨站脚本漏洞,该漏洞源于存储型跨站脚本,可能导致经验证的远程攻击者上传包含恶意JavaScript代码的文件,在用户访问特定URL时执行。
Description (English)
aEnrich a+HRD and aEnrich a+HCM are products of aEnrich China. aEnrich a+HRD is a holistic human resources development solution. aEnrich a+HCM is a human capital management system. AEnrich a+HRD and aEnrich a+HCM have a cross-site script loophole, which originates in a storage-type cross-site script and may result in a remote attacker with an empirical certificate uploading a file containing malicious JavaScript code to be executed when the user accesss a specific URL.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
育碁
Published
2025-11-12
Last Modified
2026-02-24
References
https://www.twcert.org.tw/en/cp-139-10487-12a32-2.html https://www.twcert.org.tw/tw/cp-132-10486-a3459-1.html
Patch
https://www.aenrich.com.tw/products/mps.html
Share on: