Syan

**Name of the Vulnerable Software and Affected Versions** Advaya Softech GEMS ERP Portal versions up to 2.1 **Description** A security issue exists in Advaya Softech GEMS ERP Portal. The issue is related to cross site scripting, occurring through manipulation of the `Message` argument within the Error Message Handler component. The affected file is `/home.jsp?isError=true`. The attack can be initiated remotely. The exploit for this issue has been publicly disclosed. **Recommendations** Versions prior to 2.1 should be updated.