Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in PhreeBooksERP before 2017-02-13. The vulnerability exists due to insufficient filtration of user-supplied data in the "form" HTTP GET parameter passed to the "PhreeBooksERP-master/extensions/ShippingMethods/ups/label_mgr/js_include.php" and "PhreeBooksERP-master/extensions/ShippingMethods/yrc/label_mgr/js_include.php" URLs. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. NOTE: these js_include.php files do not exist in the SourceForge "stable release" (aka R37RC1).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PhreeBooksERP 跨站脚本漏洞
Vulnerability Description
PhreeBooksERP是一套开源的会计使用的ERP系统。 PhreeBooksERP 2017-02-13之前的版本中存在安全漏洞,该漏洞源于在‘form’HTTP GET参数传递到‘PhreeBooksERP-master/extensions/ShippingMethods/ups/label_mgr/js_include.php’和‘PhreeBooksERP-master/extensions/ShippingMethods/yrc/label_mgr/js_include.php’URLs时
CVSS Information
N/A
Vulnerability Type
N/A