CVE-2026-8220

CVSS v3.1

2.4

Low

Vector

AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

A vulnerability was detected in Devs Palace ERP Online up to 4.0.0. This affects an unknown function of the file /inventory/customer-save. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Exploit

Fix

XSS

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79CWE-94

Related Identifiers

CVE-2026-8220

Affected Products

Erp Online

CVE-2026-8220

Weakness Enumeration

Related Identifiers

Affected Products

References · 5