TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center


Jun-He Technology Ltd. ERP POS - Stored XSS-1

TVN ID: TVN-202104006
CVE ID: CVE-2021-30170
CVSS: 4.6 (Medium)
Affected Products: Jun-He Technology Ltd. ERP POS version 2013.10
Description: The ERP POS customer profile page does not filter special characters in user input, which allows remote authenticated attackers to inject malicious JavaScript and carry out stored XSS (stored cross-site scripting) attacks, and additionally to access and manipulate customer information.
Solution: Update version to 2013.2101
Public Date: 2021-05-07