Devs Palace ERP Online Cross-Site Scripting Vulnerability in Purchase Return Save Function

A cross-site scripting vulnerability has been identified in Devs Palace ERP Online versions prior to 4.0.0. The issue arises in an unknown function within the file '/inventory/purchase_return_save', where improper input handling allows for the injection of malicious scripts. This vulnerability can be exploited remotely, and public proof-of-concept evidence is available.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.