ERPNext - Stored XSS leads to account takover
CVE-2022-23056

Currently unrated

Key Information:

Vendor: Erpnext
Status: Erpnext
Vendor: CVE Published:; 22 June 2022

What is CVE-2022-23056?

In ERPNext, versions v13.0.0-beta.13 through v13.30.0 are vulnerable to Stored XSS at the Patient History page which allows a low privilege user to conduct an account takeover attack.

Affected Version(s)

erpnext v13.0.0-beta.13

erpnext <= unspecified

References

https://www.mend.io/vulnerability-database/CVE-2022-23056

x_refsource_MISC

https://github.com/frappe/erpnext/blob/21a3ea462aaf319e46...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 22, 2022
Vulnerability Reserved
Jan 10, 2022

Credit

Mend Vulnerability Research Team (MVR)

CVE-2022-23056 Data

JSON

Erpnext

What is CVE-2022-23056?

Affected Version(s)

References

Timeline

Credit