Skip to main content

Devs Palace ERP Online CVE-2026-8219

| EUVD-2026-28955 LOW
Cross-site Scripting (XSS) (CWE-79)
2026-05-10 VulDB GHSA-32mp-3hhq-7ffx
XSS
1.9
CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
P
Scope
X

Lifecycle Timeline

3
Analysis Generated
May 10, 2026 - 02:29 vuln.today
CVSS changed
May 10, 2026 - 02:22 NVD
2.4 (LOW) 1.9 (LOW)
CVE Published
May 10, 2026 - 01:45 nvd
LOW 1.9

DescriptionNVD

A security vulnerability has been detected in Devs Palace ERP Online up to 4.0.0. The impacted element is an unknown function of the file /inventory/supplier-save. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Stored cross-site scripting (XSS) in Devs Palace ERP Online up to version 4.0.0 allows high-privileged authenticated users to inject malicious scripts via the /inventory/supplier-save endpoint, affecting data integrity and confidentiality of other users viewing the supplier data. The vulnerability requires user interaction (UI:P) and high-level privileges (PR:H), limiting its exploitation scope; however, publicly available exploit code exists and the vendor has not responded to disclosure.

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-8219 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy