CVE-2023-25241
Description
bgERP v22.31 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
bgERP v22.31 contains a reflected XSS vulnerability in the Search parameter, allowing attackers to execute arbitrary JavaScript in victims' browsers.
Vulnerability
bgERP version 22.31 suffers from a reflected cross-site scripting (XSS) vulnerability in the Search parameter of the /Portal/Show endpoint [2]. An attacker can inject arbitrary HTML and JavaScript via this parameter, which is reflected in the page without proper sanitization.
Exploitation
An attacker can craft a malicious URL containing a payload in the Search parameter and trick a logged-in user into clicking it [2]. No authentication is required to trigger the reflection, but the victim must be authenticated for the attack to leverage their session. The PoC URL demonstrates injecting an anchor tag with an image source that triggers a request to an attacker-controlled server.
Impact
Successful exploitation allows the attacker to execute arbitrary JavaScript in the context of the victim's browser, potentially stealing session cookies, performing actions on behalf of the user, or defacing the page [2]. This can lead to full account compromise and data exposure.
Mitigation
As of the available references, no official patch has been released. Users should sanitize user input in the Search parameter, implement Content Security Policy headers, and consider upgrading to a newer version if available. The vendor may have addressed this in later releases, but no specific fixed version is mentioned.
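The following is an added illustration of the mitigation described above, not code from bgERP or from the CVE references. It models a minimal handler for a /Portal/Show?Search=... request (the handler, function names and the CSP value are assumptions) that HTML-encodes the Search value before reflecting it into both a text context and an attribute context, and sends a Content-Security-Policy header as a second layer. The `is_reflected_unescaped` helper is the kind of regression check a team can keep to make sure the raw parameter never reappears verbatim in a response.

```python
import html
from urllib.parse import parse_qs

# Constructed example (not bgERP code). The header value is an assumption:
# a restrictive baseline policy that blocks inline script even if encoding is
# ever missed somewhere else in the page.
CSP_HEADER = (
    "Content-Security-Policy",
    "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'",
)


def render_search_page(search: str) -> str:
    """Build the HTML fragment that echoes the search term.

    The term is HTML-encoded (including quotes) so it is always rendered as
    text, whether it lands between tags or inside a quoted attribute value.
    """
    safe = html.escape(search, quote=True)
    return (
        f"<h1>Results for: {safe}</h1>\n"
        f'<input type="text" name="Search" value="{safe}">'
    )


def handle_request(query_string: str):
    """Minimal handler for GET /Portal/Show?<query_string>.

    Returns (headers, body). parse_qs percent-decodes the value, which is
    exactly the form the browser submitted, so encoding must happen on output.
    """
    params = parse_qs(query_string, keep_blank_values=True)
    search = params.get("Search", [""])[0]
    headers = [("Content-Type", "text/html; charset=utf-8"), CSP_HEADER]
    return headers, render_search_page(search)


def is_reflected_unescaped(body: str, marker: str) -> bool:
    """Regression check: True if the raw (unencoded) marker appears in the body."""
    return marker in body


if __name__ == "__main__":
    # Constructed sample input containing markup characters.
    hdrs, page = handle_request("Search=%3Cb%3Ehello%3C%2Fb%3E")
    print(hdrs)
    print(page)
```

The check to run against a real response is the one `is_reflected_unescaped` performs: request the endpoint with a benign marker containing `<`, `>` and `"`, and confirm the response body only contains the encoded forms (`&lt;`, `&gt;`, `&quot;`).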
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
bgERP / bgERP
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.