CVE-2025-15170: Cross Site Scripting in Advaya Softech GEMS ERP Portal
A security vulnerability has been detected in Advaya Softech GEMS ERP Portal up to 2.1. This affects an unknown part of the file /home.jsp?isError=true of the component Error Message Handler. The manipulation of the argument Message leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2025-15170 is a cross-site scripting vulnerability identified in Advaya Softech's GEMS ERP Portal, affecting versions 2.0 and 2.1. The vulnerability resides in the error message handler component, specifically in the /home.jsp?isError=true endpoint, where the 'Message' parameter is not properly sanitized or encoded before being reflected in the response. This improper handling allows an attacker to inject arbitrary JavaScript code that executes in the context of the victim's browser when they visit the crafted URL. The attack vector is remote and does not require any authentication or privileges, but it does require user interaction to trigger the malicious script. The CVSS 4.0 score is 5.3 (medium severity), reflecting the ease of exploitation (network accessible, no privileges required) but limited impact on confidentiality and availability, with primarily integrity affected through script injection. The vulnerability could be exploited for session hijacking, phishing, or defacement attacks. The vendor was notified early but has not issued any patches or advisories, and no known exploits have been observed in the wild yet. The public disclosure of the exploit increases the risk of opportunistic attacks against unpatched systems.
Potential Impact
For European organizations using Advaya Softech GEMS ERP Portal, this vulnerability poses a risk of client-side attacks that can compromise user sessions, steal sensitive information, or manipulate displayed content. Since ERP portals often contain critical business data and user credentials, successful exploitation could lead to unauthorized access to internal systems or data leakage. The lack of vendor response and patches increases exposure time, potentially allowing attackers to craft targeted phishing campaigns or deploy persistent malicious scripts. The impact on confidentiality is limited but non-negligible, while integrity risks are more pronounced due to script injection capabilities. Availability is not directly affected. Organizations relying heavily on this ERP system for business operations may face reputational damage and operational disruptions if attackers leverage this vulnerability to deface portals or conduct social engineering attacks.
Mitigation Recommendations
Given the absence of official patches, European organizations should implement immediate compensating controls. First, apply strict input validation and output encoding on all user-supplied data, especially the 'Message' parameter in the /home.jsp endpoint, to neutralize malicious scripts. If source code modification is not feasible, deploy a web application firewall (WAF) with custom rules to detect and block XSS payloads targeting this parameter. Conduct regular security audits and penetration tests focusing on this endpoint. Educate users to recognize suspicious URLs and avoid clicking untrusted links. Monitor web server logs and user activity for signs of attempted exploitation. Consider isolating or restricting access to the vulnerable ERP portal until a vendor patch is available. Finally, maintain up-to-date backups and incident response plans to quickly recover from potential attacks.
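The log-monitoring recommendation above can be made concrete with a short triage script. This is an added example, not code from the advisory or the vendor; it assumes combined-format access logs, and the sample lines, IP addresses and the /reports.jsp path are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Constructed sample access-log lines (combined log format); IPs and paths are made up.
SAMPLE_LOG = """\
198.51.100.7 - - [30/Dec/2025:22:10:01 +0000] "GET /home.jsp?isError=true&Message=Invalid+password HTTP/1.1" 200 5120
198.51.100.9 - - [30/Dec/2025:22:11:42 +0000] "GET /home.jsp?isError=true&Message=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5188
203.0.113.4 - - [30/Dec/2025:22:12:05 +0000] "GET /home.jsp?isError=true&Message=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1" 200 5190
203.0.113.4 - - [30/Dec/2025:22:12:30 +0000] "GET /reports.jsp?Message=%3Cb%3E HTTP/1.1" 200 812
"""

# Captures client IP, timestamp and request target from a combined-format line.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d{3}')
# Characters and constructs that have no place in a plain-text error message.
SUSPICIOUS_RE = re.compile(r"[<>\"']|javascript:|\bon\w+\s*=", re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(log_text, path="/home.jsp", param="Message"):
    """Return (client_ip, timestamp, decoded_value) for each flagged request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        ip, ts, target = m.groups()
        url = urlsplit(target)
        if url.path.split(";")[0] != path:  # ignore ;jsessionid=... path suffixes
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name != param:
                continue
            decoded = fully_decode(value)  # parse_qsl already decoded one layer
            if SUSPICIOUS_RE.search(decoded):
                hits.append((ip, ts, decoded))
    return hits

if __name__ == "__main__":
    for ip, ts, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ts} {ip} Message={value!r}")
```

The pattern is a heuristic: a legitimate error text containing a quote or apostrophe is also flagged, so tune it against the messages the portal normally emits.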
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2025-12-27T23:23:04.593Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 695450bddb813ff03e2bf8aa
Added to database: 12/30/2025, 10:22:53 PM
Last enriched: 12/30/2025, 11:48:20 PM
Last updated: 2/2/2026, 5:19:55 PM