CNNVD-202512-5012 Information

Dec 29, 2025 cve

CNNVD ID

CNNVD-202512-5012

CVE-2025-15170

CNNVD Published: 2025-12-29

Description (Chinese)

Advaya Softech GEMS ERP Portal是印度Advaya Softech公司的一个企业资源计划（ERP）门户系统，提供企业级业务流程管理、财务管理和供应链整合功能。 Advaya Softech GEMS ERP Portal 2.1及之前版本存在代码注入漏洞，该漏洞源于对组件ErrorMessage Handler中文件/home.jsp?isError=true的参数Message的错误操作，可能导致跨站脚本。

Description (English)

Advaya Softech GEMS ERP Portal, an enterprise resource plan (ERP) portal system for Advaya Softech, India, provides business process management, financial management and supply chain integration functions at the enterprise level. There was a code-infusion loophole in Advaya Softech GEMS ERP Portal 2.1 and earlier versions, which resulted from the error of Message, the parameter for the ErrorMessage Handler in component ErrorMassage.jsp?isError=true, which could result in a cross-site script.

Hazard Level

High

Vulnerability Type

代码注入

Affected Vendor

Advaya Softech

Published

2025-12-29

Last Modified

2026-02-24

References

https://vuldb.com/?ctiid.338550 https://vuldb.com/?id.338550 https://vuldb.com/?submit.717590 https://syansec.in/video_poc/cve_2025.mp4 https://access.redhat.com/security/cve/cve-2025-15170

Share on: