{"vulnerability": "cve-2026-8253", "sightings": [{"uuid": "107b3f5d-94d2-4010-b9ba-285bcd44dff5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-8253", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116552999803024611", "content": "\u26a0\ufe0f CVE-2026-8253: MEDIUM severity XSS in Devs Palace ERP Online v4.0.0 via /inventory/purchase_save. No patch; vendor unresponsive. Apply WAF rules & restrict access. Details: https://radar.offseq.com/threat/cve-2026-8253-cross-site-scripting-in-devs-palace--7f918dea #OffSeq #XSS #ERP #Vuln", "creation_timestamp": "2026-05-11T00:00:40.526691Z"}, {"uuid": "6b93566a-6c34-49d1-9bae-0e594cd2a875", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-8253", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mljxryaweh2g", "content": "Devs Palace ERP Online 4.0 hit by MEDIUM XSS (CVE-2026-8253) in /inventory/purchase_save. No patch \u2014 use WAF rules & restrict privileged access. Monitor for updates: https://radar.offseq.com/threat/cve-2026-8253-cross-site-scripting-in-devs-palace--7f918dea #OffSeq #XSS #ERPSecurity", "creation_timestamp": "2026-05-11T00:00:42.234171Z"}, {"uuid": "676aebbe-6d0e-4804-ada4-0bc945165283", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-8253", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlkdjhfyx72h", "content": "CVE-2026-8253 - Devs Palace ERP Online purchase_save cross site scripting\nCVE ID : CVE-2026-8253\n \n Published : May 11, 2026, 12:16 a.m. | 2\u00a0hours, 13\u00a0minutes ago\n \n Description : A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. Affected by this vulnerabil...", "creation_timestamp": "2026-05-11T03:30:39.788372Z"}]}