Advaya Softech GEMS ERP Portal Error Message home.jsp cross site...

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Description

A security vulnerability has been detected in Advaya Softech GEMS ERP Portal up to 2.1. This affects an unknown part of the file /home.jsp?isError=true of the component Error Message Handler. The manipulation of the argument Message leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-15170

Source VulDB

Published Dec 29, 2025 at 03:32

Affected Product

Vendor Advaya Softech

Product GEMS ERP Portal

Version 2.0

Affected Versions Advaya Softech GEMS ERP Portal 2.0
Advaya Softech GEMS ERP Portal 2.1

CWE Classification

CWE-79 CWE-94

References

{
    "lastseen": "",
    "description": "A security vulnerability has been detected in Advaya Softech GEMS ERP Portal up to 2.1. This affects an unknown part of the file /home.jsp?isError=true of the component Error Message Handler. The manipulation of the argument Message leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-12-29T03:32:07.618Z",
    "modified": "2025-12-29T03:32:07.618Z",
    "type": "cve",
    "title": "Advaya Softech GEMS ERP Portal Error Message home.jsp cross site scripting",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.338550\nhttps://vuldb.com/?ctiid.338550\nhttps://vuldb.com/?submit.717590\nhttps://syansec.in/video_poc/cve_2025.mp4",
    "id": "CVE-2025-15170",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79",
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "Advaya Softech GEMS ERP Portal 2.0\nAdvaya Softech GEMS ERP Portal 2.1",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "GEMS ERP Portal",
    "version": "2.0",
    "vendor": "Advaya Softech",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Advaya Softech GEMS ERP Portal Error Message home.jsp cross site scripting_CVE-2025-15170