Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for warehouseManager 仓库管理系统 by yangshare

    CVE-2025-14538 (GCVE-0-2025-14538)

    Vulnerability from nvd – Published: 2025-12-11 21:02 – Updated: 2025-12-12 21:48
    VLAI
    Title
    yangshare warehouseManager 仓库管理系统 CustomerManageHandler.java addCustomer cross site scripting
    Summary
    A security vulnerability has been detected in yangshare warehouseManager 仓库管理系统 1.1.0. This affects the function addCustomer of the file CustomerManageHandler.java. Such manipulation of the argument Name leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.335877 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.335877 signaturepermissions-required
    https://vuldb.com/?submit.703736 third-party-advisory
    https://gitee.com/yangshare/warehouseManager/issu… exploitissue-tracking
    Impacted products
    Credits
    zzdzz (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14538",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-12T21:48:06.968791Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-12T21:48:16.525Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "warehouseManager \u4ed3\u5e93\u7ba1\u7406\u7cfb\u7edf",
              "vendor": "yangshare",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "zzdzz (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in yangshare warehouseManager \u4ed3\u5e93\u7ba1\u7406\u7cfb\u7edf 1.1.0. This affects the function addCustomer of the file CustomerManageHandler.java. Such manipulation of the argument Name leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed publicly and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Code Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-11T21:02:10.087Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-335877 | yangshare warehouseManager \u4ed3\u5e93\u7ba1\u7406\u7cfb\u7edf CustomerManageHandler.java addCustomer cross site scripting",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.335877"
            },
            {
              "name": "VDB-335877 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.335877"
            },
            {
              "name": "Submit #703736 | gitee WarehouseManager v1.1.0 - Remove CAPTCHA Improper Neutralization of Alternate XSS Syntax",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.703736"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://gitee.com/yangshare/warehouseManager/issues/ID9NAU"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-11T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-12-11T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-12-11T12:09:52.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "yangshare warehouseManager \u4ed3\u5e93\u7ba1\u7406\u7cfb\u7edf CustomerManageHandler.java addCustomer cross site scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-14538",
        "datePublished": "2025-12-11T21:02:10.087Z",
        "dateReserved": "2025-12-11T11:04:48.830Z",
        "dateUpdated": "2025-12-12T21:48:16.525Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-14538 (GCVE-0-2025-14538)

    Vulnerability from cvelistv5 – Published: 2025-12-11 21:02 – Updated: 2025-12-12 21:48
    VLAI
    Title
    yangshare warehouseManager 仓库管理系统 CustomerManageHandler.java addCustomer cross site scripting
    Summary
    A security vulnerability has been detected in yangshare warehouseManager 仓库管理系统 1.1.0. This affects the function addCustomer of the file CustomerManageHandler.java. Such manipulation of the argument Name leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.335877 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.335877 signaturepermissions-required
    https://vuldb.com/?submit.703736 third-party-advisory
    https://gitee.com/yangshare/warehouseManager/issu… exploitissue-tracking
    Impacted products
    Credits
    zzdzz (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14538",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-12T21:48:06.968791Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-12T21:48:16.525Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "warehouseManager \u4ed3\u5e93\u7ba1\u7406\u7cfb\u7edf",
              "vendor": "yangshare",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "zzdzz (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in yangshare warehouseManager \u4ed3\u5e93\u7ba1\u7406\u7cfb\u7edf 1.1.0. This affects the function addCustomer of the file CustomerManageHandler.java. Such manipulation of the argument Name leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed publicly and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Code Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-11T21:02:10.087Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-335877 | yangshare warehouseManager \u4ed3\u5e93\u7ba1\u7406\u7cfb\u7edf CustomerManageHandler.java addCustomer cross site scripting",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.335877"
            },
            {
              "name": "VDB-335877 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.335877"
            },
            {
              "name": "Submit #703736 | gitee WarehouseManager v1.1.0 - Remove CAPTCHA Improper Neutralization of Alternate XSS Syntax",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.703736"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://gitee.com/yangshare/warehouseManager/issues/ID9NAU"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-11T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-12-11T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-12-11T12:09:52.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "yangshare warehouseManager \u4ed3\u5e93\u7ba1\u7406\u7cfb\u7edf CustomerManageHandler.java addCustomer cross site scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-14538",
        "datePublished": "2025-12-11T21:02:10.087Z",
        "dateReserved": "2025-12-11T11:04:48.830Z",
        "dateUpdated": "2025-12-12T21:48:16.525Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }