CVE-2026-4175

MEDIUM EPSS 16.6%
Published Mar 16, 20263mo ago · Modified Apr 22, 20262mo ago
5.1 CVSS 4.0
Medium
Find Similar
Published Mar 16, 2026 3mo ago
Last Modified Apr 22, 2026 2mo ago

Description

A vulnerability was determined in Aureus ERP up to 1.3.0-BETA2. The affected element is an unknown function of the file plugins/webkul/chatter/resources/views/filament/infolists/components/messages/content-text-entry.blade.php of the component Chatter Message Handler. Executing a manipulation of the argument subject/body can lead to cross site scripting. The attack can be launched remotely. Upgrading to version 1.3.0-BETA1 is sufficient to fix this issue. This patch is called 2135ee7efff4090e70050b63015ab5e268760ec8. It is suggested to upgrade the affected component.

CVSS Details

Base Score
5.1
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction P
Scope X

Threat Intelligence

EPSS Exploit Probability
16.6% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 2

CWE-79 Cross-site Scripting Injection
CWE-94 Improper Control of Generation of Code (Code Injection) Injection

References 6

  • github.com https://github.com/aureuserp/aureuserp/commit/2135ee7efff4090e70050b63015ab5e268760ec8
  • github.com https://github.com/aureuserp/aureuserp/pull/939
  • github.com https://github.com/aureuserp/aureuserp/releases/tag/v1.3.0-BETA1
  • vuldb.com https://vuldb.com/?ctiid.351083
  • vuldb.com https://vuldb.com/?id.351083
  • vuldb.com https://vuldb.com/?submit.769827

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.