CVE-2019-25312

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

6.4 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N                                    

Vulnerability Description

InoERP 0.7.2 contains a persistent cross-site scripting vulnerability in the comment section that allows unauthenticated attackers to inject malicious scripts. Attackers can submit comments with JavaScript payloads that execute in other users' browsers, potentially stealing cookies and session information.

Vulnerability Details

Published Date

February 11, 2026

Last Modified

February 11, 2026

CWE ID

CWE-79

Source

NVD

Vendor

InoIdeas

Product

InoERP

External References

http://inoideas.org/
https://github.com/inoerp/inoERP
https://www.exploit-db.com/exploits/47428
https://www.vulncheck.com/advisories/inoerp-persistent-cross-site-scripting

CVE-2019-25312

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment