CVE-2025-13178

Name of the Vulnerable Software and Affected Versions Bdtask/CodeCanyon SalesERP versions up to 20250728

Description A security issue exists in Bdtask/CodeCanyon SalesERP. The issue is related to the User Profile Handler component and specifically affects code within the /edit profile file. Manipulation of the first name/last name arguments can lead to basic cross site scripting. This manipulation is possible remotely. The exploit has been published.

Recommendations Versions prior to 20250728 should be updated. As a temporary workaround, consider restricting or carefully validating the first name and last name parameters in the /edit profile file.