CVE-2021-30171

Name of the Vulnerable Software and Affected Versions ERP POS (affected versions not specified)

Description The issue allows remote authenticated attackers to inject malicious JavaScript due to unfiltered special characters in users' input on the news page, leading to stored XSS attacks. This enables access and manipulation of customer information.

Recommendations For ERP POS, consider temporarily disabling the news page feature until a patch is available to prevent stored XSS attacks. Restrict access to customer information to minimize the risk of exploitation. Avoid using the news page for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.