CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/05/10 11:45 p.m.•5 views

CVE-2026-8254

A security flaw has been discovered in Devs Palace ERP Online up to 4.0.0. Affected by this issue is some unknown functionality of the file /inventory/salessave. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the...

4.8CVSS4.2AI score0.00253EPSS

Exploits0References4Affected Software1

CVE•added 2026/05/10 11:45 p.m.•21 views

CVE-2026-8254

Dev@ ERP Online (vulnerable up to 4.0.0) has a cross-site scripting flaw in the /inventory/sales_save endpoint. The issue arises from manipulation of that function, enabling remote exploitation with user interaction required for triggering. Public PoC/exploit appears to exist per sources; vendor ...

4.8CVSS4.2AI score0.00253EPSS

ATTACKERKB•added 2026/05/10 11:30 p.m.•9 views

CVE-2026-8253

A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. Affected by this vulnerability is an unknown functionality of the file /inventory/purchasesave. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available a...

Exploits0References4Affected Software1

Vulnrichment•added 2026/05/10 11:30 p.m.•6 views

CVE-2026-8253 Devs Palace ERP Online purchase_save cross site scripting

Cvelist•added 2026/05/10 11:30 p.m.•62 views

CVE-2026-8253 Devs Palace ERP Online purchase_save cross site scripting

4.8CVSS0.00202EPSS

CVE•added 2026/05/10 11:30 p.m.•21 views

CVE-2026-8253

Devs Palace ERP Online (up to v4.0.0) contains an XSS vulnerability in the /inventory/purchase_save functionality. The issue arises from manipulation of an unknown component, allowing remote initiation of an attack. Exploit appears to be public. Vendor has not responded to disclosures. No remedia...

4.8CVSS4.1AI score0.00206EPSS

EUVD-2026-28954

A weakness has been identified in Devs Palace ERP Online up to 4.0.0. The affected element is an unknown function of the file /inventory/purchasereturnsave. Executing a manipulation can lead to cross site scripting. The attack may be launched remotely. The exploit has been made available to the...

Exploits0References6

EUVD-2026-28956

A flaw has been found in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /inventory/item-save. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacte...

EUVD-2026-28957

A vulnerability was detected in Devs Palace ERP Online up to 4.0.0. This affects an unknown function of the file /inventory/customer-save. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted ear...

4.8CVSS4.2AI score0.00258EPSS

EUVD-2026-28955

A security vulnerability has been detected in Devs Palace ERP Online up to 4.0.0. The impacted element is an unknown function of the file /inventory/supplier-save. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed publicl...