PT-2025-12681 · Timschofield · Weberp

Jelle Janssens · Published 2025-03-24 · Updated 2025-03-25 · CVE-2025-2715

CVSS v2.0: 4.0 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

timschofield webERP versions up to 5.0.0.rc+13

Description

A problematic vulnerability has been found in timschofield webERP, affecting an unknown part of the file ConfirmDispatch_Invoice.php of the component Confirm Dispatch and Invoice Page. The manipulation of the Narrative argument leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Recommendations

To fix this issue, it is recommended to apply a patch. As a temporary workaround, consider restricting access to the ConfirmDispatch_Invoice.php file or disabling the manipulation of the Narrative argument until a patch is available.

Exploit · Fix · XSS · Code Injection

Weakness Enumeration

Related Identifiers

CVE-2025-2715

Affected Products

Weberp