PT-2025-12681 · Timschofield · Weberp

Jelle Janssens

Publicado

2025-03-24

Atualizado

2025-03-25

CVE-2025-2715

CVSS v2.0

4.0

Média

Vetor

AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions timschofield webERP versions up to 5.0.0.rc+13

Description A problematic vulnerability has been found in timschofield webERP, affecting an unknown part of the file ConfirmDispatch Invoice.php of the component Confirm Dispatch and Invoice Page. The manipulation of the Narrative argument leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Recommendations To fix this issue, it is recommended to apply a patch. As a temporary workaround, consider restricting access to the ConfirmDispatch Invoice.php file or disabling the manipulation of the Narrative argument until a patch is available.

Exploit

Correção

XSS

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79CWE-94

Identificadores relacionados

CVE-2025-2715

Produtos afetados

Weberp

PT-2025-12681 · Timschofield · Weberp

CVE-2025-2715

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10