CVE-2026-8254

Name of the Vulnerable Software and Affected Versions Devs Palace ERP Online versions prior to 4.0.0

Description A cross-site scripting issue exists in the '/inventory/sales save' file. This flaw allows a remote attacker to execute malicious scripts via the manipulation of unknown functionality within that file.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.