CVE-2026-8253 | Devs Palace ERP Online up to 4.0.0 /inventory/purchase_save cross site scripting

Inserito da Angelo Barbosa | Mag 10, 2026 | CVE

A vulnerability was found in Devs Palace ERP Online up to 4.0.0. It has been classified as problematic. Affected by this vulnerability is an unknown functionality of the file /inventory/purchase_save. The manipulation leads to cross site scripting.

This vulnerability is traded as CVE-2026-8253. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-8253 | Devs Palace ERP Online up to 4.0.0 /inventory/purchase_save cross site scripting

Post correlati

CVE-2024-0676 | Lamassu Bitcoin ATM Douro Machine 7.1 weak password

CVE-2024-31930 | Pdfcrowd Save as PDF Plugin up to 3.2.1 on WordPress cross site scripting

CVE-2024-11889 | My IDX Home Search Plugin up to 2.0.1 on WordPress cross site scripting

CVE-2024-1932 | freescout-helpdesk freescout unrestricted upload