CVE-2026-4175
Remote XSS in Aureus ERP Chatter Message Handler Component
Publication date: 2026-03-16
Last updated on: 2026-03-16
Assigner: VulDB
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| aureuserp | aureus_erp | to 1.3.0-BETA2 (inc) |
| aureuserp | aureus_erp | 1.3.0-BETA1 |
| aureuserp | aureus_erp | to 1.3.0-beta1 (exc) |
| aureuserp | aureus_erp | 1.3.0-beta1 |
| aureus | erp | 1.3.0-beta2 |
| aureus | erp | From 1.3.0-beta1 (inc) |
| aureus | erp | to 1.3.0-BETA2 (inc) |
| aureus | erp | 1.3.0-BETA1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-4175 is a stored cross-site scripting (XSS) vulnerability in the Chatter feature of the Aureus ERP application, specifically in the file content-text-entry.blade.php. The vulnerability arises because user-controlled input in the subject and body fields is rendered without proper sanitization, allowing an authenticated attacker with permissions to create or modify Chatter messages to inject malicious HTML or JavaScript code. This malicious code then executes in the browsers of other users who view the affected messages.

The root cause is the use of Blade's unescaped syntax ({!! ... !!}) to output user input directly, which permits arbitrary script injection. The vulnerability affects Aureus ERP versions up to 1.3.0-BETA2 and can be fixed by upgrading to version 1.3.0-BETA1 or later, which applies sanitization to user inputs before rendering. [1, 3, 4, 5]
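The root cause described above is the choice of Blade output directive. The following is an added example, not code from the advisory or from the Aureus ERP project: it reproduces in plain PHP what Blade compiles `{!! $x !!}` (raw echo) and `{{ $x }}` (a call to Laravel's `e()` escaper) into, and renders a constructed Chatter message through both. The function names, the message text and the HTML wrapper are assumptions for illustration.

```php
<?php
// Added example, not Aureus ERP's code: the difference between Blade's two
// output directives, reproduced in plain PHP so it runs without Laravel.
// Blade compiles {{ $x }} to e($x), which HTML-escapes, and {!! $x !!} to a
// raw echo. blade_e() below mirrors Laravel's e() helper.

function blade_e(?string $value): string
{
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable pattern: the equivalent of {!! $subject !!} / {!! $body !!}.
// Whatever markup the message author stored becomes live DOM for every viewer.
function render_unescaped(string $subject, string $body): string
{
    return "<div class=\"subject\">{$subject}</div>\n"
         . "<div class=\"body\">{$body}</div>\n";
}

// Hardened pattern: the equivalent of {{ $subject }} / {{ $body }}.
// Each value is escaped before it is concatenated into the markup, so the
// browser shows the author's text literally instead of parsing it as tags.
function render_escaped(string $subject, string $body): string
{
    return "<div class=\"subject\">" . blade_e($subject) . "</div>\n"
         . "<div class=\"body\">" . blade_e($body) . "</div>\n";
}

// True when the rendered HTML still contains a raw <script> tag, i.e. the
// template handed the browser executable markup.
function contains_script_tag(string $html): bool
{
    return stripos($html, '<script') !== false;
}

// Constructed sample Chatter message whose body carries a benign test marker.
$subject = 'Weekly status <b>update</b>';
$body    = 'Please review <script>alert("stored xss")</script> before Friday';

foreach (['unescaped' => 'render_unescaped', 'escaped' => 'render_escaped'] as $label => $fn) {
    $html = $fn($subject, $body);
    printf("%-9s -> live <script> tag: %s\n", $label, contains_script_tag($html) ? 'yes' : 'no');
    echo $html, "\n";
}
```

Run it with `php example.php`. Only the escaped renderer turns the stored `<script>` into `&lt;script&gt;` text; the raw renderer leaves it for the browser to execute, which is exactly the stored-XSS condition the advisory describes. `{!! !!}` is only appropriate for HTML that has already been sanitized server-side, which is what the patch referenced later on this page adds.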
How can this vulnerability impact me?
This vulnerability can impact you by allowing an attacker to execute malicious scripts in the context of your web application users' browsers. Specifically, an attacker who can create or modify Chatter messages can embed scripts that execute when other users view those messages.

- Session hijacking: attackers can steal session cookies to impersonate users.
- Unauthorized actions: malicious scripts can perform actions on behalf of the victim user.
- Data exfiltration: sensitive information from the application panel can be stolen.

Because the attack is stored and persistent, the malicious payload remains in the system until fixed, potentially affecting multiple users over time. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying the presence of the vulnerable file path in the Aureus ERP installation: plugins/webkul/chatter/resources/views/filament/infolists/components/messages/content-text-entry.blade.php.
Since the vulnerability involves unsafe rendering of user-controlled input in the subject and body fields of Chatter messages, detection can involve checking for unescaped HTML or JavaScript in these fields.
A practical approach to detection includes searching for the vulnerable file or checking the version of Aureus ERP to see if it is up to 1.3.0-BETA2, which is affected.
Google dorking can be used to find vulnerable targets by searching for the vulnerable file path.
No specific network or system commands are provided in the available resources.
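The detection guidance above amounts to locating the template file named in the advisory and looking for unescaped output in it. As an added example (not from the advisory's resources or the Aureus ERP project), the PHP script below does that locally and read-only: it scans a Blade template's source for `{!! ... !!}` directives and reports each one with its line number, then optionally checks the advisory's file path under an install root passed on the command line. The install-root argument and the two constructed template strings are assumptions.

```php
<?php
// Added example, not the advisory's or the project's code: audit a Blade
// template's source for unescaped output directives, the pattern the
// advisory identifies as the root cause. The constant is the file path the
// advisory names, relative to an install root the caller supplies.

const CHATTER_TEMPLATE = 'plugins/webkul/chatter/resources/views/filament/infolists/components/messages/content-text-entry.blade.php';

// Return every {!! ... !!} directive in $source as a list of
// ['line' => int, 'expression' => string] entries.
function find_unescaped_directives(string $source): array
{
    $found = [];
    if (preg_match_all('/\{!!\s*(.*?)\s*!!\}/s', $source, $m, PREG_OFFSET_CAPTURE)) {
        foreach ($m[1] as [$expr, $offset]) {
            // Line number = newlines before the match offset, plus one.
            $line = substr_count(substr($source, 0, $offset), "\n") + 1;
            $found[] = ['line' => $line, 'expression' => $expr];
        }
    }
    return $found;
}

// Exit-code style result: 0 = no unescaped output, 1 = unescaped output
// present, 2 = template file not found under the given root.
function audit_template(string $installRoot): int
{
    $path = rtrim($installRoot, '/') . '/' . CHATTER_TEMPLATE;
    if (!is_file($path)) {
        echo "not present: $path\n";
        return 2;
    }
    $hits = find_unescaped_directives(file_get_contents($path));
    foreach ($hits as $h) {
        printf("%s:%d: unescaped output {!! %s !!}\n", $path, $h['line'], $h['expression']);
    }
    return $hits ? 1 : 0;
}

// Constructed template text standing in for a raw-echo template and for one
// that routes the same fields through Blade's escaping directive.
$rawTemplate     = "<div class=\"subject\">{!! \$subject !!}</div>\n<div class=\"body\">{!! \$body !!}</div>\n";
$escapedTemplate = "<div class=\"subject\">{{ \$subject }}</div>\n<div class=\"body\">{{ \$body }}</div>\n";

echo "raw template:\n";
print_r(find_unescaped_directives($rawTemplate));
echo "escaped template:\n";
print_r(find_unescaped_directives($escapedTemplate));

// Optional: audit a real installation, e.g. php audit.php /var/www/aureus
if ($argc > 1) {
    exit(audit_template($argv[1]));
}
```

Run `php audit.php` alone to see the scanner distinguish the two constructed templates, or `php audit.php /path/to/install` to check the advisory's file in place. A non-zero hit count is a signal to review, not proof of exploitability: a template may legitimately use `{!! !!}` on output that was sanitized earlier, so confirm against the installed version and the patch described in the next section.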
What immediate steps should I take to mitigate this vulnerability?
The immediate and recommended mitigation step is to upgrade Aureus ERP to version 1.3.0-BETA1 or later, as this version includes the patch that fixes the vulnerability.
The patch (commit ID: 2135ee7efff4090e70050b63015ab5e268760ec8) sanitizes user input in the vulnerable Blade template files to prevent cross-site scripting.
Applying this patch or upgrading to the fixed version will prevent exploitation of the vulnerability.