CNNVD-202602-1934 Information

CNNVD ID

CNNVD-202602-1934

Related CVE

CVE-2019-25312

• CNNVD Published: 2026-02-11

Description (Chinese)

inoERP是Nishit个人开发者的一套基于PHP的开源企业管理系统。 inoERP 0.7.2版本存在跨站脚本漏洞，该漏洞源于评论部分存在存储型跨站脚本，可能导致未经验证的攻击者注入恶意脚本，窃取cookie和会话信息。

Description (English)

INORP is a PHP-based open-source enterprise management system for Nishit personal developers. InoERP version 0.7.2 has a cross-site script loophole, which stems from the existence of a stored cross-site script in the commentary section, which may result in unverified assailants injecting malicious scripts, stealing cookies and session information.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

个人开发者

Published

2026-02-11

Last Modified

2026-02-24

References

http://inoideas.org/ https://github.com/inoerp/inoERP https://www.exploit-db.com/exploits/47428 https://www.vulncheck.com/advisories/inoerp-persistent-cross-site-scripting