Timo Sarkar

**Name of the Vulnerable Software and Affected Versions** Audemium ERP versions <=0.9.0 **Description** A reflected cross-site scripting (XSS) issue allows remote attackers to execute an arbitrary JavaScript payload in the web browser of a user. This is achieved by including a malicious payload into the `type` parameter of "list.php". **Recommendations** For Audemium ERP versions <=0.9.0, consider disabling access to the "list.php" endpoint until a patch is available. Restrict input for the `type` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.