Gems Erp Portal
Monthly
Reflected cross-site scripting (XSS) in Advaya Softech GEMS ERP Portal versions up to 2.1 allows remote attackers to inject malicious scripts via the Message parameter in /home.jsp?isError=true, exploitable without authentication or user interaction beyond viewing a crafted link. Public exploit code is available, though the CVSS score of 2.1 reflects limited integrity impact and requirement for user interaction; the vulnerability is unlikely to see widespread exploitation despite public disclosure due to low EPSS score (0.05%).
A vulnerability, which was classified as critical, was found in Advaya Softech GEMS ERP Portal 2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Reflected cross-site scripting (XSS) in Advaya Softech GEMS ERP Portal versions up to 2.1 allows remote attackers to inject malicious scripts via the Message parameter in /home.jsp?isError=true, exploitable without authentication or user interaction beyond viewing a crafted link. Public exploit code is available, though the CVSS score of 2.1 reflects limited integrity impact and requirement for user interaction; the vulnerability is unlikely to see widespread exploitation despite public disclosure due to low EPSS score (0.05%).
A vulnerability, which was classified as critical, was found in Advaya Softech GEMS ERP Portal 2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.