PT-2026-5417 · Openz Erp · Openz Erp
Published 2026-01-30 · Updated 2026-01-30
CVE-2020-37022
CVSS v3.1: 6.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
OpenZ ERP version 3.6.60
Description
The software contains a persistent cross-site scripting issue within the Employee module. Specifically, the name and description parameters are susceptible to malicious script injection through POST requests. Successful exploitation could allow attackers to hijack sessions and manipulate application modules.
Recommendations
Apply updates to address the issue in the Employee module's name and description parameters. As a temporary workaround, sanitize all input to the name and description parameters within the Employee module.
Exploit
Fix
XSS
Affected Products
Openz Erp