CVE-2019-25312

Name of the Vulnerable Software and Affected Versions InoERP version 0.7.2

Description InoERP version 0.7.2 has a persistent cross-site scripting issue in the comment section. Unauthenticated attackers can inject malicious scripts, such as JavaScript payloads, through comments. These scripts execute in other users' browsers, potentially leading to the theft of cookies and session information.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the comment section until a patch is available.