CVE-2026-4175

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-4175

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-4175.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-4175

Aliases

GHSA-76c2-3q6g-xvpm

Published

2026-03-16T14:19:58.163Z

Modified

2026-04-02T13:32:39.440020Z

Severity

3.5 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability was determined in Aureus ERP up to 1.3.0-BETA2. The affected element is an unknown function of the file plugins/webkul/chatter/resources/views/filament/infolists/components/messages/content-text-entry.blade.php of the component Chatter Message Handler. Executing a manipulation of the argument subject/body can lead to cross site scripting. The attack can be launched remotely. Upgrading to version 1.3.0-BETA1 is sufficient to fix this issue. This patch is called 2135ee7efff4090e70050b63015ab5e268760ec8. It is suggested to upgrade the affected component.

References

Affected packages

Git / github.com/aureuserp/aureuserp

Affected ranges

Type: GIT
Repo: https://github.com/aureuserp/aureuserp
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

2135ee7efff4090e70050b63015ab5e268760ec8

Affected versions

v1.*

v1.0.0

v1.1.0

v1.2.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-4175.json"