Cross site scripting

2022-06-2208:15:00

PRIOn knowledge base

www.prio-n.com

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.6%

JSON

In ERPNext, versions v12.0.9–v13.0.3 are vulnerable to Stored Cross-Site-Scripting (XSS), due to user input not being validated properly. A low privileged attacker could inject arbitrary code into input fields when editing his profile.

CPENameOperatorVersion
erpnextge12.0.9
erpnextlt13.1.0

CPE	Name	Operator	Version
	erpnext	ge	12.0.9
	erpnext	lt	13.1.0

References

github.com/frappe/frappe/commit/497ea861f481c6a3c52fe2aed9d0df1b6c99e9d7

www.mend.io/vulnerability-database/CVE-2022-23057