Browse all 4 CVE security advisories affecting Bjskzy. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Bjskzy is a software component primarily used for web application development and content management. Historically, it has been associated with multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues. The component's security posture has been marked by consistent patterns of input validation failures and insufficient access controls. While no major public security incidents have been widely documented, the presence of four CVEs indicates ongoing security challenges that require careful implementation and regular patching. Organizations using this component should prioritize security hardening and continuous monitoring to mitigate potential exploitation risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-1218 | Bjskzy Zhiyou ERP com.artery.richclient.RichClientService RichClientService.class initRCForm xml external entity reference — Zhiyou ERPCWE-611 | 6.3 | Medium | 2026-01-20 |
| CVE-2025-11140 | Bjskzy Zhiyou ERP com.artery.richclient.RichClientService openForm xml external entity reference — Zhiyou ERPCWE-611 | 7.3 | High | 2025-09-29 |
| CVE-2025-11139 | Bjskzy Zhiyou ERP com.artery.form.services.FormStudioUpdater uploadStudioFile path traversal — Zhiyou ERPCWE-22 | 6.3 | Medium | 2025-09-29 |
| CVE-2025-9391 | Bjskzy Zhiyou ERP com.artery.workflow.ServiceImpl getFieldValue sql injection — Zhiyou ERPCWE-89 | 6.3 | Medium | 2025-08-24 |
This page lists every published CVE security advisory associated with Bjskzy. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.