Volerion logoVolerion
Volerion logoVolerion

Devs Palace ERP Online Cross-Site Scripting Vulnerability in Purchase Save Functionality

Vulnerability

A cross-site scripting vulnerability has been identified in Devs Palace ERP Online versions prior to 4.0.0. The issue arises from an unknown functionality in the file '/inventory/purchase_save', where improper input handling allows for the injection of malicious scripts. This vulnerability can be exploited remotely, and public proof-of-concept evidence is available.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Added: May 11, 2026, 12:18 AM
Updated: May 11, 2026, 12:18 AM

Vulnerability Rating

Custom Algorithm
spread
0.0
impact
1.7
exploitability
7.7
remediation
0.0
relevance
8.0
threat
6.4
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.