CVE-2025-12872

Name of the Vulnerable Software and Affected Versions a+HRD and a+HCM versions (affected versions not specified)

Description The a+HRD and a+HCM applications developed by aEnrich are susceptible to a Stored Cross-Site Scripting issue. Authenticated remote attackers can upload files containing malicious JavaScript code. This code will execute on the client side when a user accesses a specific URL, potentially leading to compromise. The attack involves uploading malicious JavaScript code through files.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.