A vulnerability was found in Devs Palace ERP Online up to 4.0.0 . It has been rated as problematic . This affects an unknown part of the file /inventory/add_new_customer . This manipulation causes cross site scripting. This vulnerability is handled as CVE-2026-8255 . The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.