CVE-2026-8255 | Devs Palace ERP Online up to 4.0.0 add_new_customer cross site scripting

Inserito da Angelo Barbosa | Mag 10, 2026 | CVE

A vulnerability was found in Devs Palace ERP Online up to 4.0.0. It has been rated as problematic. This affects an unknown part of the file /inventory/add_new_customer. This manipulation causes cross site scripting.

This vulnerability is handled as CVE-2026-8255. The attack can be initiated remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-8255 | Devs Palace ERP Online up to 4.0.0 add_new_customer cross site scripting

Post correlati

CVE-2025-2045 | GitLab Enterprise Edition up to 17.7.5/17.8.3/17.9.0 authorization (Issue 512050)

CVE-2026-30457 | Daylight Studio FuelCMS 1.5.2 /parser/dwoo privilege escalation

CVE-2024-47909 | Ivanti Connect Secure/Policy Secure up to 22.7R2.2 stack-based overflow

CVE-2025-23058 | HPE Aruba Networking ClearPass Policy Manager up to 6.11.9/6.12.3 Web-based Management Interface improper authentication