Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2026/05/11 8:27 p.m.11 views

CVE-2026-8221

A flaw has been found in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /inventory/item-save. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacte...

4.8CVSS4.2AI score0.00202EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/10 3:33 a.m.10 views

EUVD-2026-28956

A flaw has been found in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /inventory/item-save. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacte...

4.8CVSS4.2AI score0.00202EPSS
Exploits0References5
NVD
NVD
added 2026/05/10 3:16 a.m.18 views

CVE-2026-8221

A flaw has been found in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /inventory/item-save. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacte...

4.8CVSS0.00202EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/10 2:15 a.m.5 views

CVE-2026-8221

A flaw has been found in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /inventory/item-save. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacte...

4.8CVSS4.2AI score0.00202EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/05/10 2:15 a.m.43 views

CVE-2026-8221 Devs Palace ERP Online item-save cross site scripting

A flaw has been found in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /inventory/item-save. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacte...

4.8CVSS0.00202EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/10 2:15 a.m.7 views

CVE-2026-8221 Devs Palace ERP Online item-save cross site scripting

A flaw has been found in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /inventory/item-save. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacte...

4.8CVSS4.2AI score0.00202EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/10 12:0 a.m.13 views

PT-2026-39439

A flaw has been found in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /inventory/item-save. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacte...

4.8CVSS4.2AI score0.00202EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.10 views

Devs Palace ERP Online 跨站脚本漏洞

Devs Palace ERP Online is a cloud-based enterprise resource planning and business management system developed by Devs Palace. Versions of Devs Palace ERP Online 4.0.0 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from an unknown function in the...

4.8CVSS5.6AI score0.00202EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/01 11:1 p.m.3 views

CVE-2026-34383

Admidio is an open-source user management solution. Prior to version 5.0.8, the inventory module's itemsave endpoint accepts a user-controllable POST parameter imported that, when set to true, completely bypasses both CSRF token validation and server-side form validation. An authenticated user ca...

4.3CVSS5.9AI score0.00133EPSS
Exploits1References1
OSV
OSV
added 2026/03/31 11:11 p.m.4 views

GHSA-4RWM-C5MJ-WH7X Admidio has CSRF and Form Validation Bypass in Inventory Item Save via `imported` Parameter

Summary The inventory module's itemsave endpoint accepts a user-controllable POST parameter imported that, when set to true, completely bypasses both CSRF token validation and server-side form validation. An authenticated user can craft a direct POST request to save arbitrary inventory item data...

4.3CVSS6AI score0.00133EPSS
Exploits1References4
OSV
OSV
added 2026/03/31 8:33 p.m.4 views

CVE-2026-34383 Admidio: CSRF and Form Validation Bypass in Inventory Item Save via `imported` Parameter

Admidio is an open-source user management solution. Prior to version 5.0.8, the inventory module's itemsave endpoint accepts a user-controllable POST parameter imported that, when set to true, completely bypasses both CSRF token validation and server-side form validation. An authenticated user ca...

4.3CVSS5.9AI score0.00133EPSS
Exploits1References4
Rows per page
Query Builder