Reflected Cross-site Scripting Vulnerability in a+HRD by aEnrich Technology
CVE-2025-0583

6.1MEDIUM

Key Information:

Vendor: Aenrich Technology
Status: A+hrd
Vendor: CVE Published:; 20 January 2025

🔔 Create Aenrich Technology Vulnerability Alert

What is CVE-2025-0583?

The a+HRD application from aEnrich Technology contains a reflected cross-site scripting vulnerability that enables unauthenticated attackers to execute arbitrary JavaScript code within the web browser of unsuspecting users. This flaw is commonly exploited via phishing attacks, allowing malicious actors to perform unauthorized actions on behalf of the user, potentially compromising sensitive information and user credentials.

Affected Version(s)

a+HRD 0 <= 7.5

References

https://www.twcert.org.tw/tw/cp-132-8368-1e317-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-8369-cf396-2.html

third-party-advisory

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 20, 2025
Vulnerability Reserved
Jan 20, 2025

CVE-2025-0583 Data

JSON