CVE-2025-14538 MEDIUM

CVE-2025-14538: yangshare warehouseManager 仓库管理系统 CustomerManageHandler.java addCustomer cross site scripting

Vendor Yangshare

Product warehouseManager 仓库管理系统

Weakness CWE-79 · XSS

Published December 11, 2025

Last update December 12, 2025

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

Description

A security vulnerability has been detected in yangshare warehouseManager 仓库管理系统 1.1.0. This affects the function addCustomer of the file CustomerManageHandler.java. Such manipulation of the argument Name leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.

Key dates

Disclosure timeline

December 11, 2025 CVE published

December 12, 2025 Record updated