Product
jishenghua jsherp
28 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-1588 (<= 3.6)
A vulnerability was found in jishenghua jshERP up to 3.6. The impacted element is the function install of the file /jshERP-boot/pl
CVE-2026-1549 (<= 3.6)
A vulnerability was identified in jishenghua jshERP up to 3.6. Affected by this vulnerability is an unknown functionality of the f
CVE-2026-1546 (<= 3.6)
A security vulnerability has been detected in jishenghua jshERP up to 3.6. The impacted element is the function getBillItemByParam
CVE-2025-67344 (<= 3.5)
jshERP v3.5 and earlier is affected by a stored Cross Site Scripting (XSS) vulnerability via the /msg/add endpoint.
CVE-2025-67341 (<= 3.5)
jshERP versions 3.5 and earlier are affected by a stored XSS vulnerability. This vulnerability allows attackers to upload PDF file
CVE-2025-51746 (<= 2.3.1)
An issue was discovered in jishenghua JSH_ERP 2.3.1. The /serialNumber/addSerialNumber endpoint is vulnerable to fastjson deserial
CVE-2025-51745 (<= 2.3.1)
An issue was discovered in jishenghua JSH_ERP 2.3.1. The /role/addcan endpoint is vulnerable to fastjson deserialization attacks.
CVE-2025-51744 (<= 2.3.1)
An issue was discovered in jishenghua JSH_ERP 2.3.1. The /user/addUser endpoint is vulnerable to fastjson deserialization attacks.
CVE-2025-51743 (<= 2.3.1)
An issue was discovered in jishenghua JSH_ERP 2.3.1. The /materialCategory/addMaterialCategory endpoint is vulnerable to fastjson
CVE-2025-51742 (<= 2.3.1)
An issue was discovered in jishenghua JSH_ERP 2.3.1. The /material/getMaterialEnableSerialNumberList endpoint passes the search qu
CVE-2025-60800 (< 2025-08-07)
Incorrect access control in the /jshERP-boot/user/info interface of jshERP up to commit 90c411a allows attackers to access sensiti
CVE-2025-60801 (< 2025-08-14)
jshERP up to commit fbda24da was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the jsh_er
CVE-2025-55371 (all versions)
Incorrect access control in the component /controller/PersonController.java of jshERP v3.5 allows unauthorized attackers to obtain
CVE-2025-55370 (all versions)
Incorrect access control in the component \controller\ResourceController.java of jshERP v3.5 allows unauthorized attackers to obta
CVE-2025-55368 (all versions)
Incorrect access control in the component \controller\RoleController.java of jshERP v3.5 allows unauthorized attackers to arbitrar
CVE-2025-55367 (all versions)
Incorrect access control in the component \controller\SupplierController.java of jshERP v3.5 allows unauthorized attackers to arbi
CVE-2025-55366 (all versions)
Incorrect access control in the component \controller\UserController.java of jshERP v3.5 allows attackers to arbitrarily reset use
CVE-2025-8840 (all versions)
A vulnerability was determined in jshERP up to 3.5. Affected is an unknown function of the file /jshERP-boot/user/deleteBatch of t
CVE-2025-8839 (all versions)
A vulnerability was found in jshERP up to 3.5. This issue affects some unknown processing of the file /jshERP-boot/user/addUser of
CVE-2025-7948 (<= 3.5)
A vulnerability classified as problematic was found in jshERP up to 3.5. Affected by this vulnerability is an unknown functionalit
CVE-2025-7947 (<= 3.5)
A vulnerability classified as critical has been found in jshERP up to 3.5. Affected is an unknown function of the file /user/delet
CVE-2025-7566 (<= 3.5)
A vulnerability has been found in jshERP up to 3.5 and classified as critical. This vulnerability affects the function exportExcel
CVE-2024-24003 (all versions)
jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo fin
CVE-2024-24004 (all versions)
jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo fin
CVE-2024-24002 (all versions)
jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.MaterialController: com.jsh.erp.utils.BaseResponseInfo getL
CVE-2024-24001 (all versions)
jshERP v3.3 is vulnerable to SQL Injection via the com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo
CVE-2024-24000 (all versions)
jshERP v3.3 is vulnerable to Arbitrary File Upload. The jshERP-boot/systemConfig/upload interface does not check the uploaded file
CVE-2023-48894 (all versions)
Incorrect Access Control vulnerability in jshERP V3.3 allows attackers to obtain sensitive information via the doFilter function.