CVE-2026-4175 | Aureus ERP up to 1.3.0-BETA2 Chatter Message content-text-entry.blade.php subject/body cross site scripting

A vulnerability was found in Aureus ERP up to 1.3.0-BETA2 and classified as problematic. The affected element is an unknown function of the file plugins/webkul/chatter/resources/views/filament/infolists/components/messages/content-text-entry.blade.php of the component Chatter Message Handler. Executing a manipulation of the argument subject/body can lead to cross site scripting.

This vulnerability is tracked as CVE-2026-4175. The attack can be launched remotely. No exploit exists.

It is suggested to upgrade the affected component.

CVE-2026-4175 | Aureus ERP up to 1.3.0-BETA2 Chatter Message content-text-entry.blade.php subject/body cross site scripting

Post correlati

CVE-2022-40733 | Microsoft Windows 11/Server 2022 win32kbase.sys DirectComposition null pointer dereference (TALOS-2022-1515)

CVE-2023-51084 | hyavijava 6.0.07.1 ResultConverter.convert2Xml stack-based overflow (Issue 12)

CVE-2024-30161 | Qt up to 6.5.5/6.6.2 wasm memory corruption

CVE-2024-35916 | Linux Kernel up to 6.1.84/6.6.25/6.8.4 dma-buf sanitycheck null pointer dereference