TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center



Jun-He Technology Ltd. ERP POS - Stored XSS-2

TVN ID: TVN-202104007
CVE ID: CVE-2021-30171
CVSS: 4.6 (Medium)
Affected Products: Jun-He Technology Ltd. ERP POS version 2013.10
Description: Special characters in user input on the ERP POS news page are not filtered, which allows remote authenticated attackers to inject malicious JavaScript and carry out stored XSS (stored cross-site scripting) attacks, and additionally to access and manipulate customer information.
Solution: Update to version 2013.2101
Public Date: 2021-05-07