Security Advisory

CVE-2022-23058

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-06-22 07:30:21

Last updated 2024-09-16 17:37:58

Assigner Mend

State PUBLISHED

Description

ERPNext in versions v12.0.9-v13.0.3 are affected by a stored XSS vulnerability that allows low privileged users to store malicious scripts in the ‘username’ field in ‘my settings’ which can lead to full account takeover.

← Browse all CVEs View on cve.org ↗