CVE-2025-67344

Publication date

2025-12-12 00:00:00

Family

mitre

State

PUBLISHED

Description

jshERP v3.5 and earlier is affected by a stored Cross Site Scripting (XSS) vulnerability via the /msg/add endpoint.