A vulnerability classified as problematic was found in Devs Palace ERP Online up to 4.0.0 . This impacts an unknown function of the file /accounts/chart-save . Such manipulation leads to cross site scripting. This vulnerability is listed as CVE-2026-8262 . The attack may be performed from remote. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.