What is CVE-2026-6651?

CVE-2026-6651 is a low-severity vulnerability in Erponline.xyz Erp Online, classified under Cross-site Scripting. CVSS score: 2.4/10. Published 2026-04-20.

How severe is CVE-2026-6651?

Low severity. CVSS v3 base score is 2.4 out of 10.

RCE in Erponline.xyz Erp Online

CVE-2026-6651

A security flaw has been discovered in erponline.xyz ERP Online up to 4.0.0. This vulnerability affects unknown code of the component Inventory Edit Item Page. The manipulation of the argument Item Name results in cross site scripting. The…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.000 (10.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 2.4 (Low). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N.

Affected products

Erponline.xyz Erp Online — versions 4.0

Weakness classification (CWE)

References

VDB-358285 | erponline.xyz ERP Online Inventory Edit Item cross site scripting (technical-description, vdb-entry)
VDB-358285 | CTI Indicators (IOB, IOC, TTP, IOA) (signature, permissions-required)
Submit #793806 | Devs Palace ERP Online 4.0.0 Code Injection (third-party-advisory)
cna@vuldb.com (exploit)

Frequently asked questions

What is CVE-2026-6651?: CVE-2026-6651 is a low-severity vulnerability in Erponline.xyz Erp Online, classified under Cross-site Scripting. CVSS score: 2.4/10. Published 2026-04-20.
How severe is CVE-2026-6651?: Low severity. CVSS v3 base score is 2.4 out of 10.