| عنوان | Devs Palace ERP Online 4.0.0 Code Injection |
|---|
| الوصف | A vulnerability was determined in ERP Online up to 4.0.0. The impacted element is a component that processes user-supplied input in an improper manner. The manipulation of this input can lead to a stored cross-site scripting (XSS) condition. This allows attackers to inject malicious scripts that are stored by the application and later executed in the context of other users. The attack can be initiated remotely and may affect multiple users over time with high impact. |
|---|
| المصدر | ⚠️ https://olografix.org/acme/ERP_Online-POC.gif |
|---|
| المستخدم | acme (UID 61097) |
|---|
| ارسال | 31/03/2026 06:21 PM (21 أيام منذ) |
|---|
| الاعتدال | 20/04/2026 07:55 AM (20 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 358285 [erponline.xyz ERP Online حتى 4.0.0 Inventory Edit Item Page Item Name البرمجة عبر المواقع] |
|---|
| النقاط | 20 |
|---|