CVE-2026-4175

LOW SEVERITY

CVSS Score & Metrics

Base Score

3.5 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N                                    

Vulnerability Description

A vulnerability was determined in Aureus ERP up to 1.3.0-BETA2. The affected element is an unknown function of the file plugins/webkul/chatter/resources/views/filament/infolists/components/messages/content-text-entry.blade.php of the component Chatter Message Handler. Executing a manipulation of the argument subject/body can lead to cross site scripting. The attack can be launched remotely. Upgrading to version 1.3.0-BETA1 is sufficient to fix this issue. This patch is called 2135ee7efff4090e70050b63015ab5e268760ec8. It is suggested to upgrade the affected component.

Vulnerability Details

Published Date

March 16, 2026

Last Modified

March 16, 2026

CWE ID

CWE-79

Source

NVD

External References

https://github.com/aureuserp/aureuserp/commit/2135ee7efff4090e70050b63015ab5e268760ec8
https://github.com/aureuserp/aureuserp/pull/939
https://github.com/aureuserp/aureuserp/releases/tag/v1.3.0-BETA1
https://vuldb.com/?ctiid.351083
https://vuldb.com/?id.351083
https://vuldb.com/?submit.769827

CVE-2026-4175

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment