CVE-2020-37022 – OpenZ ERP 3.6.60 – Persistent Cross-Site Scripting

CVE ID : CVE-2020-37022

Published : Jan. 30, 2026, 4:16 p.m. | 54 minutes ago

Description : OpenZ ERP 3.6.60 contains a persistent cross-site scripting vulnerability in the Employee module’s name and description parameters. Attackers can inject malicious scripts through POST requests to , enabling session hijacking and manipulation of application modules.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-1690 – Tenda HG10 formSysCmd system command injection

CVE-2026-1689 – Tenda HG10 Login formLogin checkUserFromLanOrWan command injection

CVE-2020-37060 – Atomic Alarm Clock x86 6.3 – ‘AtomicAlarmClock’ Unquoted Service Path

CVE-2020-37059 – Popcorn Time 6.2 – ‘Update service’ Unquoted Service Path