CVE-2025-22917

Name of the Vulnerable Software and Affected Versions Audemium ERP versions <=0.9.0

Description A reflected cross-site scripting (XSS) issue allows remote attackers to execute an arbitrary JavaScript payload in the web browser of a user. This is achieved by including a malicious payload into the type parameter of "list.php".

Recommendations For Audemium ERP versions <=0.9.0, consider disabling access to the "list.php" endpoint until a patch is available. Restrict input for the type parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.