2020-03-19 17:52:35
mitre
PUBLISHED
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the user/ URI, as demonstrated by a crafted e-mail address.