A vulnerability categorized as problematic has been discovered in Devs Palace ERP Online up to 4.0.0 . This vulnerability affects unknown code of the file /accounts/mr-save . Such manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-8256 . The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.