Horizon Alert
Summary of the vulnerability and why it matters
A cross-site scripting vulnerability was found in an ERP system component, allowing attackers to potentially inject malicious scripts into the application. This could impact user interactions and data integrity within the system. The main concern is confirming relevance and exposure.
- Injecting scripts can alter user experience.
- ERP systems often handle critical business data.
- Confirm relevance and exposure within our systems.
Attack Path
How an attacker could exploit the issue
An attacker could target users of Sankhya ERP systems by sending them a specially crafted link. If a user clicks this link, their browser would be vulnerable to cross-site scripting, allowing the attacker to potentially compromise the user's session and access sensitive information.
- Requires authenticated, low-privilege access.
- Triggered via a malicious link in the inbox.
- High risk of account takeover and data theft.
Live Threat
Current exploitation, exposure, and threat context
A cross-site scripting vulnerability in the Caixa de Entrada component could allow an attacker to inject malicious scripts into the application when supported by the advisory. This could potentially affect user sessions and data displayed within the ERP system.
- User session data
- Via user interaction with a crafted link
- Unauthorized access or data modification
Operational Fix
Recommended remediation, mitigation, and detection steps
This vulnerability impacts Sankhya ERP, a business-critical application. Responsibility for addressing it likely falls to the ERP application owners and platform or infrastructure teams responsible for its hosting and maintenance. The immediate priority is to identify all instances of the affected Sankhya ERP system, determine their exposure and business criticality, and confirm the accountable owner before planning remediation.
- ERP application and platform teams own remediation.
- Verify reachability and business criticality first.
- Plan maintenance and coordinate vendor updates.