CVE-2026-6651

CVSS v2.0

3.3

Low

Vector

AV:N/AC:L/Au:M/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions ERP Online versions prior to 4.0.0

Description A cross site scripting flaw exists in the Inventory Edit Item Page component. Remote attackers can exploit this by manipulating the Item Name argument.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79CWE-94

Related Identifiers

CVE-2026-6651

Affected Products

Erp Online

CVE-2026-6651

Weakness Enumeration

Related Identifiers

Affected Products

References · 7