CVE-2025-67344 | jshERP up to 3.5 /msg/add cross site scripting (Issue 140)

December 12, 2025 Yanac

A vulnerability, which was classified as problematic, has been found in jshERP up to 3.5. This affects an unknown part of the file /msg/add. The manipulation leads to cross site scripting.

This vulnerability is traded as CVE-2025-67344. It is possible to initiate the attack remotely. There is no exploit available.VulDB Recent EntriesRead More

CVE-2025-14476 | Doubly Plugin up to 1.0.46 on WordPress ZIP File Import deserialization
CVE-2025-13733 | Dr.Buho BuhoNTFS 1.3.2 XPC Service permission assignment