Reflected XSS Vulnerability in ERPNext by Frappe Technologies
CVE-2019-20514
7.4HIGH
What is CVE-2019-20514?
ERPNext version 11.1.47 is vulnerable to a reflected cross-site scripting (XSS) attack through manipulated PATH_INFO in the address URI. This vulnerability allows attackers to inject malicious scripts into web pages viewed by users, potentially leading to unauthorized data access and session hijacking. It is crucial for users of ERPNext to apply necessary updates and security patches to mitigate these risks.
References
CVSS V3.1
Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved