CVE-2021-30170

Name of the Vulnerable Software and Affected Versions ERP POS (affected versions not specified)

Description The issue concerns a stored Cross-site scripting (XSS) attack. It occurs because special characters in the ERP POS customer profile page are not filtered from users' input. This allows remote authenticated attackers to inject malicious JavaScript, enabling them to access and manipulate customer information.

Recommendations For ERP POS, as a temporary workaround, consider disabling the customer profile page editing functionality until a patch is available. Restrict access to the customer profile page to minimize the risk of exploitation. Avoid using the customer profile page for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.