QwikSec

Security Database

CVE

CWE

Training

CVE-2026-4175

Published: Mar 15, 2026

Modified: Mar 17, 2026

PUBLISHED

CVSS v3.1

3.5

LOW

Description

A vulnerability was determined in Aureus ERP up to 1.3.0-BETA2. The affected element is an unknown function of the file plugins/webkul/chatter/resources/views/filament/infolists/components/messages/content-text-entry.blade.php of the component Chatter Message Handler. Executing a manipulation of the argument subject/body can lead to cross site scripting. The attack can be launched remotely. Upgrading to version 1.3.0-BETA1 is sufficient to fix this issue. This patch is called 2135ee7efff4090e70050b63015ab5e268760ec8. It is suggested to upgrade the affected component.

Vendor	Product	Versions
Aureus	ERP	affected `1.3.0-BETA2` unaffected `1.3.0-BETA1`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:X/RL:O/RC:C

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

References

VDB-351083 | Aureus ERP Chatter Message content-text-entry.blade.php cross site scripting

vdb-entry

technical-description

VDB-351083 | CTI Indicators (IOB, IOC, TTP, IOA)

signature

permissions-required

Submit #769827 | aureuserp 51b975a Cross Site Scripting

third-party-advisory

https://github.com/aureuserp/aureuserp/pull/939

issue-tracking

patch

https://github.com/aureuserp/aureuserp/commit/2135ee7efff4090e70050b63015ab5e268760ec8

patch

https://github.com/aureuserp/aureuserp/releases/tag/v1.3.0-BETA1

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.