CVE-2026-8254 in ERP Onlineinformación

Resumen

por MITRE • 2026-05-11

A security flaw has been discovered in Devs Palace ERP Online up to 4.0.0. Affected by this issue is some unknown functionality of the file /inventory/sales_save. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

VulDB

Divulgación

2026-05-11

Moderación

aceptado

Artículo

VDB-362551

CPE

listo

CWE

CWE-79 (confirmado)

Explotación

Descargar

CVSS

2.4 (VulDB)

EPSS

0.00010

KEV

Actividades

muy bajo

Sector

Lawfirm, Finance, ...

Fuentes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-8254
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-8254
CVE Details	https://www.cvedetails.com/cve/CVE-2026-8254/

◂ Anterior Visión De Conjunto Próximo ▸

Want to know what is going to be exploited?

We predict KEV entries!