These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-8221 is a remote cross-site scripting issue reported in Devs Palace ERP Online up to 4.0.0, affecting the /inventory/item-save path. The NVD record also cites public proof-of-concept references, so affected organizations should treat the issue as publicly documented even though the scored impact is low.
CVE-2026-8220 describes a remote cross-site scripting issue in Devs Palace ERP Online up to 4.0.0, affecting an unknown function under /inventory/customer-save. The source corpus says the exploit is public, which raises practical risk even though the listed CVSS score is low (1.9). The NVD record also maps the issue to CWE-79 and CWE-94, and the vector indicates network access with user interaction and hi [truncated]
CVE-2026-8219 was published on 2026-05-10 and describes a cross-site scripting issue affecting Devs Palace ERP Online up to 4.0.0, specifically in an unknown function of /inventory/supplier-save. The record indicates remote exploitation is possible and that a public proof-of-concept reference exists. Although the CVSS score is low (1.9), the NVD vector shows the attack requires high privileges and user in [truncated]
CVE-2026-8218 describes a remotely launchable cross-site scripting issue affecting Devs Palace ERP Online up to version 4.0.0, with the affected area identified as /inventory/purchase_return_save. The NVD record rates the issue LOW and cites public reference material, including a PoC image and VulDB submissions. The source description also states that the vendor was contacted early and did not respond.