| タイトル | Devs Palace ERP Online 4.0.0 Code Injection in "inventory/customer-save" |
|---|
| 説明 | A vulnerability was determined in ERP Online up to 4.0.0. The impacted element is the component "inventory/customer-save" that processes user-supplied input in an improper manner. The manipulation of this input can lead to a stored cross-site scripting (XSS) condition. This allows attackers to inject malicious scripts that are stored by the application and later executed in the context of other users. The attack can be initiated remotely and may affect multiple users over time with high impact.
|
|---|
| ソース | ⚠️ https://olografix.org/acme/_poc/ERP_Online-POC1.gif |
|---|
| ユーザー | acme (UID 61097) |
|---|
| 送信 | 2026年04月20日 17:39 (2 月 ago) |
|---|
| モデレーション | 2026年05月09日 09:25 (19 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 362437 [Devs Palace ERP Online 迄 4.0.0 /inventory/customer-save クロスサイトスクリプティング] |
|---|
| ポイント | 20 |
|---|