Lucene search
HistoryAug 22, 2022 - 5:15 p.m.
CVE-2022-28598
cve-2022-28598
frappe erpnext
xss
nvd
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
49.3%
Frappe ERPNext 12.29.0 is vulnerable to XSS where the software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to other users.
Affected configurations
Node
frappeerpnextMatch12.29.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| frappe:erpnext | frappe erpnext | eq | 12.29.0 |
References
Social References
More
Related
prion
prion
Design/Logic Flaw
2022-08-22 17:15:00
nvd
nvd
CVE-2022-28598
2022-08-22 17:15:08
zdt
zdt
ERPNext 12.29 - Cross-Site Scripting Vulnerability
2023-04-05 00:00:00
osv
osv
CVE-2022-28598
2022-08-22 17:15:08
cvelist
cvelist
CVE-2022-28598
2022-08-22 00:00:00
packetstorm
packetstorm
ERPNext 12.29 Cross Site Scripting
2023-04-06 00:00:00
exploitdb
exploitdb
ERPNext 12.29 - Cross-Site Scripting (XSS)
2023-04-05 00:00:00
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
49.3%
Related for CVE-2022-28598