CVE-2021-30171 MEDIUM

CVE-2021-30171: Jun-He Technology Ltd. ERP POS - Stored XSS-2

Vendor Jun-He Technology Ltd.
Product ERP POS
Weakness CWE-79 · XSS
Published May 7, 2021
Last update September 17, 2024

CVSS base score

4.6/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01 Description

The ERP POS news page does not filter special characters in user input, which allows remote authenticated attackers to inject malicious JavaScript and carry out stored XSS (stored cross-site scripting) attacks, and additionally to access and manipulate customer information.

Key dates

02 Disclosure timeline

May 7, 2021 CVE published
September 17, 2024 Record updated