CNNVD-202511-1514 Information

CNNVD ID

CNNVD-202511-1514

Related CVE

CVE-2025-12869

• CNNVD Published: 2025-11-12

Description (Chinese)

aEnrich a+HRD是中国育碁（aEnrich）公司的一个全方位人力资源开发化解决方案。 aEnrich a+HRD存在跨站脚本漏洞，该漏洞源于存储型跨站脚本，可能允许具有管理员权限的远程攻击者注入持久性JavaScript代码。

Description (English)

aEnrich a+HRD is a holistic human resource development solution for aEnrich Corporation in China. aEnrich a+HRD has a cross-site script loophole, which originates in a storage-type cross-site script that may allow remote assailants with administrator privileges to inject persistent JavaScript code.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

育碁

Published

2025-11-12

Last Modified

2026-02-24

References

https://www.twcert.org.tw/en/cp-139-10487-12a32-2.html https://www.twcert.org.tw/tw/cp-132-10486-a3459-1.html

Patch

https://www.aenrich.com.tw/products/mps.html