Vulnerabilities > CVE-2021-30170 - Unspecified vulnerability in Junhetec Enterprise Resource Planning Point of Sale System 2013.10
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
Special characters of ERP POS customer profile page are not filtered in users’ input, which allow remote authenticated attackers can inject malicious JavaScript and carry out stored XSS (Stored Cross-site scripting) attacks, additionally access and manipulate customer’s information.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |