Vulnerability Description
A security vulnerability has been detected in Advaya Softech GEMS ERP Portal up to 2.1. This affects an unknown part of the file /home.jsp?isError=true of the component Error Message Handler. The manipulation of the argument Message leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Advayasoftech | Gems Erp Portal | <= 2.1 |
Related Weaknesses (CWE)
References
- https://syansec.in/video_poc/cve_2025.mp4Exploit
- https://vuldb.com/?ctiid.338550Permissions RequiredVDB Entry
- https://vuldb.com/?id.338550Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.717590Third Party AdvisoryVDB Entry
FAQ
What is CVE-2025-15170?
CVE-2025-15170 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A security vulnerability has been detected in Advaya Softech GEMS ERP Portal up to 2.1. This affects an unknown part of the file /home.jsp?isError=true of the component Error Message Handler. The mani...
How severe is CVE-2025-15170?
CVE-2025-15170 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-15170?
Check the references section above for vendor advisories and patch information. Affected products include: Advayasoftech Gems Erp Portal.