Every CVE whose affected-product data names Huaxiaerp Jsherp, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2024-24000 — CVSS 9.8 (critical): jshERP v3.3 is vulnerable to Arbitrary File Upload. The jshERP-boot/systemConfig/upload interface does not check the uploaded file type…
CVE-2023-48894 — CVSS 6.5 (medium): Incorrect Access Control vulnerability in jshERP V3.3 allows attackers to obtain sensitive information via the doFilter function.