CVE-2019-25312

MEDIUM 5.4

InoERP 0.7.2 - Persistent Cross-Site Scripting

CVSS Score

5.4

EPSS Score

0.0%

EPSS Percentile

0th

InoERP 0.7.2 contains a persistent cross-site scripting vulnerability in the comment section that allows unauthenticated attackers to inject malicious scripts. Attackers can submit comments with JavaScript payloads that execute in other users' browsers, potentially stealing cookies and session information.

CWE	CWE-79
Vendor	inoideas
Product	inoerp
Published	Feb 11, 2026
Last Updated	Mar 5, 2026

Stay Ahead of the Next One

Get instant alerts for inoideas inoerp

Be the first to know when new medium vulnerabilities affecting inoideas inoerp are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Affected Versions

InoIdeas / InoERP

0.7.2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/47428 inoideas.org: http://inoideas.org/ github.com: https://github.com/inoerp/inoERP vulncheck.com: https://www.vulncheck.com/advisories/inoerp-persistent-cross-site-scripting

Credits

strider