Cross-Site Scripting Vulnerability in Workcube ERP by Holistic IT, Consultancy Coop
CVE-2024-12796

5.3MEDIUM

Key Information:

Vendor: Holistic It, Consultancy Coop.
Status: Workcube Erp
Vendor: CVE Published:; 16 September 2025

🔔 Create Holistic It, Consultancy Coop. Vulnerability Alert

What is CVE-2024-12796?

A Cross-Site Scripting (XSS) vulnerability exists in Workcube ERP from Holistic IT, Consultancy Coop., affecting versions V12 to V14 (up to 20250916). This vulnerability allows attackers to inject harmful scripts into web pages viewed by other users, potentially leading to data theft or unauthorized actions. Users of Workcube ERP should remain vigilant and apply available security measures to mitigate the risks associated with this flaw.

Affected Version(s)

Workcube ERP V12 - V14 <= 20250916

References

https://www.usom.gov.tr/bildirim/tr-25-0256

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 16, 2025
Vulnerability Reserved
Dec 19, 2024

Credit

Engin AYDOĞAN