CVE-2025-2711 PoC — Yonyou UFIDA ERP-NC 代码注入漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-2711.yaml

Associated Vulnerability

Title:Yonyou UFIDA ERP-NC 代码注入漏洞 (CVE-2025-2711)
Description:用友 Yonyou UFIDA ERP-NC是中国Yonyou（用友）公司的一个电子商务平台。 Yonyou UFIDA ERP-NC 5.0版本存在代码注入漏洞，该漏洞源于跨站脚本攻击，可能导致远程攻击。

Description

Yonyou UFIDA ERP-NC V5.0 is vulnerable to reflected cross-site scripting (XSS) via the langcode parameter in /help/systop.jsp and /help/top.jsp. Unsanitized user input is reflected in the response, allowing arbitrary JavaScript execution.

File Snapshot


 id: CVE-2025-2711

info:
  name: Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting
  author: ritikchad

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!