Browse all 4 CVE security advisories affecting Hundred Plus. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Hundred Plus is a software platform primarily used for enterprise resource planning and workflow automation. Historically, the application has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, accounting for its four recorded CVEs. The platform's security posture has been marked by inconsistent input validation and insufficient access controls in its administrative interfaces. While no major public security incidents have been documented, the pattern of vulnerabilities suggests potential risks for organizations relying on Hundred Plus for critical business operations, particularly in environments where unpatched instances are exposed to untrusted networks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-12867 | Hundred Plus|EIP Plus - Arbitrary File Uplaod — EIP PlusCWE-434 | 7.2 | High | 2025-11-10 |
| CVE-2025-12866 | Hundred Plus|EIP Plus - Weak Password Recovery Mechanism — EIP PlusCWE-640 | 9.8 | Critical | 2025-11-10 |
| CVE-2021-32539 | Hundred Plus 101EIP - Stored XSS-1 — 101EIPCWE-79 | 5.4 | Medium | 2021-05-28 |
| CVE-2021-32540 | Hundred Plus 101EIP - Stored XSS-2 — 101EIPCWE-79 | 5.4 | Medium | 2021-05-28 |
This page lists every published CVE security advisory associated with Hundred Plus. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.