CVE Tools

jishenghua

Enterprise Softwarecommercial

16

Cumulative CVEs

3

Monthly snapshots

#122

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting jishenghua.

CVE-2026-11469jishenghua jshERP platformConfig Add Endpoint PlatformConfigService.java insertPlatformConfig server-side request forgery4.7Jun 7, 2026
CVE-2026-11467jishenghua jshERP addAccountHeadAndDetail Endpoint AccountHeadService.java path traversal5.4Jun 7, 2026
CVE-2026-8320jishenghua jshERP updatePlatformConfigByKey Endpoint UserService.java getUserByWeixinCode server-side request forgery4.7May 11, 2026
CVE-2026-1588jishenghua jshERP installByPath install path traversal2.7Jan 29, 2026
CVE-2026-1549jishenghua jshERP PluginController uploadPluginConfigFile path traversal4.3Jan 28, 2026
CVE-2026-1546jishenghua jshERP com.jsh.erp.datasource.mappers.DepotItemMapperEx importItemExcel getBillItemByParam sql injection6.3Jan 28, 2026
CVE-2025-67344jshERP v3.5 and earlier is affected by a stored Cross Site Scripting (XSS) vulnerability via the /msg/add endpoint.4.6Dec 12, 2025
CVE-2025-67341jshERP versions 3.5 and earlier are affected by a stored XSS vulnerability. This vulnerability allows attackers to upload PDF files containing XSS payloads. Additionally, these PDF files can be acc...4.6Dec 12, 2025
CVE-2025-51746An issue was discovered in jishenghua JSH_ERP 2.3.1. The /serialNumber/addSerialNumber endpoint is vulnerable to fastjson deserialization attacks.9.8Nov 25, 2025
CVE-2025-51745An issue was discovered in jishenghua JSH_ERP 2.3.1. The /role/addcan endpoint is vulnerable to fastjson deserialization attacks.9.8Nov 25, 2025
CVE-2025-51744An issue was discovered in jishenghua JSH_ERP 2.3.1. The /user/addUser endpoint is vulnerable to fastjson deserialization attacks.9.8Nov 25, 2025
CVE-2025-51743An issue was discovered in jishenghua JSH_ERP 2.3.1. The /materialCategory/addMaterialCategory endpoint is vulnerable to fastjson deserialization attacks.9.8Nov 25, 2025
CVE-2025-51742An issue was discovered in jishenghua JSH_ERP 2.3.1. The /material/getMaterialEnableSerialNumberList endpoint passes the search query parameter directly to parseObject(), introducing a Fastjson des...9.8Nov 25, 2025
CVE-2025-60800Incorrect access control in the /jshERP-boot/user/info interface of jshERP up to commit 90c411a allows attackers to access sensitive information via a crafted GET request.7.5Oct 28, 2025
CVE-2025-60801jshERP up to commit fbda24da was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the jsh_erp function.8.2Oct 24, 2025