Skip to main content
CVE-2022-23058 LOW POC PATCH Monitor

ERPNext in versions v12.0.9-v13.0.3 are affected by a stored XSS vulnerability that allows low privileged users to store malicious scripts in the ‘username’ field in ‘my settings’ which can lead to. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

XSS Erpnext
NVD GitHub
CVSS 2.0
3.5
EPSS
0.8%
CVE-2022-23056 LOW POC PATCH Monitor

In ERPNext, versions v13.0.0-beta.13 through v13.30.0 are vulnerable to Stored XSS at the Patient History page which allows a low privilege user to conduct an account takeover attack. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

XSS Erpnext
NVD GitHub
CVSS 2.0
3.5
EPSS
0.8%
CVE-2022-32159 LOW PATCH Monitor

In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are vulnerable to Stored XSS. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Infogami
NVD GitHub
CVSS 2.0
3.5
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy