Yonyou: community verdicts
7 notable / known-exploited Yonyou CVEs the community has triaged.
- CVE-2022-26263MED 6.1EPSS 38%
Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability via the component /u8sl/WebHelp.
- CVE-2023-51906CRIT 9.8Real · low riskEPSS 1%
An issue in yonyou YonBIP v3_23.05 allows a remote attacker to execute arbitrary code via a crafted script to the ServiceDispatcherServlet uap.framework.rc.itf.IResourceManager component.
- CVE-2023-51925CRIT 9.8Real · low riskEPSS 1%
An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file.
- CVE-2023-51928CRIT 9.8Real · low riskEPSS 1%
An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file.
- CVE-2023-51924CRIT 9.8Real · low riskEPSS 1%
An arbitrary file upload vulnerability in the uap.framework.rc.itf.IResourceManager interface of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file.
- CVE-2023-51927CRIT 9.8Real · low riskEPSS 1%
YonBIP v3_23.05 was discovered to contain a SQL injection vulnerability via the com.yonyou.hrcloud.attend.web.AttendScriptController.runScript() method.
- CVE-2023-51926HIGH 7.5Real · low riskEPSS 1%
YonBIP v3_23.05 was discovered to contain an arbitrary file read vulnerability via the nc.bs.framework.comn.serv.CommonServletDispatcher component.