CVE-2026-8253

Name of the Vulnerable Software and Affected Versions Devs Palace ERP Online versions prior to 4.0.0

Description A cross-site scripting issue exists in the '/inventory/purchase save' file. This flaw allows a remote attacker to execute malicious scripts by manipulating an unknown functionality within that file.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.