CVE-2025-2711
Description
A vulnerability was found in Yonyou UFIDA ERP-NC 5.0. It has been classified as problematic. Affected is an unknown function of the file /help/systop.jsp. The manipulation of the argument langcode leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
Base Score
4.3
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS Score
Exploitation Probability
0.103
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2025-2709,CVE-2025-2710,CVE-2025-2711,CVE-2025-2712 are affected in Yonyou UFIDA ERP-NC 5.0 | Windows |
| libxml2 Security Update (ALAS-2025-2794) libxml2-2.9.1-6.amzn2.5.16.x86_64.rpm | Linux |
| libxml2 Security Update (ALAS-2025-2794) libxml2-2.9.1-6.amzn2.5.16.i686.rpm | Linux |
| libxml2 Security Update (ALAS-2025-2794) libxml2-python-2.9.1-6.amzn2.5.16.x86_64.rpm | Linux |
| libxml2 Security Update (ALAS-2025-2794) libxml2-static-2.9.1-6.amzn2.5.16.x86_64.rpm | Linux |
| libxml2 Security Update (ALAS-2025-2794) libxml2-devel-2.9.1-6.amzn2.5.16.x86_64.rpm | Linux |
| libxml2 Security Update (ALAS-2025-896) python3-libxml2-2.10.4-1.amzn2023.0.9.x86_64.rpm | Linux |
| libxml2 Security Update (ALAS-2025-896) libxml2-static-2.10.4-1.amzn2023.0.9.x86_64.rpm | Linux |
| libxml2 Security Update (ALAS-2025-896) libxml2-devel-2.10.4-1.amzn2023.0.9.x86_64.rpm | Linux |
| libxml2 Security Update (ALAS-2025-896) libxml2-2.10.4-1.amzn2023.0.9.x86_64.rpm | Linux |
| pcs Security Update (ALAS-2025-2822) pcs-snmp-0.9.169-3.amzn2.3.0.4.x86_64.rpm | Linux |
| pcs Security Update (ALAS-2025-2822) pcs-0.9.169-3.amzn2.3.0.4.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234