CVE-2025-67344
BaseFortify
Publication date: 2025-12-12
Last updated on: 2025-12-19
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jishenghua | jsherp | to 3.5 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the /msg/add endpoint for stored Cross-Site Scripting (XSS) by injecting payloads such as `<img src=x onerror="alert('xss')">` into the msgContent field and then verifying if the script executes when the message is viewed. Detection involves sending crafted HTTP POST requests to /msg/add with malicious msgContent and observing if the payload executes in the recipient's browser. Specific commands are not provided in the resources, but using tools like curl or Burp Suite to send such payloads and monitoring the response or client-side execution can help detect the vulnerability. [1]
Can you explain this vulnerability to me?
This vulnerability is a stored Cross Site Scripting (XSS) issue in jshERP version 3.5 and earlier. It occurs via the /msg/add endpoint, where malicious scripts can be injected and stored, potentially executed later when accessed by users.
How can this vulnerability impact me? :
This vulnerability can allow attackers to execute malicious scripts in the context of users' browsers, potentially leading to theft of sensitive information, session hijacking, or other malicious actions affecting users of the affected application.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: (1) On the frontend, remove the use of the `v-html` directive and replace it with safe text interpolation (`{{ msgContent }}`) or apply whitelist-based sanitization libraries such as DOMPurify to filter out dangerous HTML tags and event handlers. Implement Content Security Policy (CSP) headers to block inline scripts. (2) On the backend, enforce authentication and authorization checks to ensure only authenticated users can insert messages, and apply server-side XSS sanitization using libraries like OWASP Java HTML Sanitizer to clean input before storing it in the database. [1]