CVE-2020-37022

Description

OpenZ ERP 3.6.60 contains a persistent cross-site scripting vulnerability in the Employee module's name and description parameters. Attackers can inject malicious scripts through POST requests to , enabling session hijacking and manipulation of application modules.

PUBLISHED Reserved 2026-01-28 | Published 2026-01-30 | Updated 2026-01-30 | Assigner VulnCheck

Problem types

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Credits

Benjamin Kunz Mejri finder

References

www.exploit-db.com/exploits/48450 (ExploitDB-48450) exploit

www.openz.de/ (OpenZ Official Website) product

www.openz.de/download.html (OpenZ Download Page) product

www.vulnerability-lab.com/get_content.php?id=2234 (Vulnerability Lab Advisory) third-party-advisory

www.vulncheck.com/...enz-erp-persistent-cross-site-scripting (VulnCheck Advisory: OpenZ ERP 3.6.60 - Persistent Cross-Site Scripting) third-party-advisory

cve.org (CVE-2020-37022)

nvd.nist.gov (CVE-2020-37022)

Download JSON