Vulnerabilities > CVE-2021-30170 - Unspecified vulnerability in Junhetec Enterprise Resource Planning Point of Sale System 2013.10

047910
CVSS 5.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
NONE
network
low complexity
junhetec

Summary

Special characters of ERP POS customer profile page are not filtered in users’ input, which allow remote authenticated attackers can inject malicious JavaScript and carry out stored XSS (Stored Cross-site scripting) attacks, additionally access and manipulate customer’s information.

Vulnerable Configurations

Part Description Count
Application
Junhetec
1