A vulnerability was found in Devs Palace ERP Online up to 4.0.0 . It has been classified as problematic . This impacts an unknown function of the file /inventory/item-save . This manipulation causes cross site scripting. This vulnerability is tracked as CVE-2026-8221 . The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.