Lucene search
K

493 matches found

EUVD
EUVD
added 2026/05/05 6:33 p.m.8 views

EUVD-2026-27404

ERPNext v15.103.1 and before is vulnerable to Cross Site Scripting XSS in the Email Template engine. An attacker with permission to create or edit email templates can inject malicious JavaScript code that are executed on the victim's browser when the template is applied...

5.9AI score0.00175EPSS
Exploits1References2
NVD
NVD
added 2026/05/05 5:17 p.m.7 views

CVE-2026-38432

ERPNext v15.103.1 and before is vulnerable to Cross Site Scripting XSS in the Email Template engine. An attacker with permission to create or edit email templates can inject malicious JavaScript code that are executed on the victim's browser when the template is applied...

6.1CVSS0.00175EPSS
Exploits1References1
NVD
NVD
added 2026/05/05 5:17 p.m.8 views

CVE-2026-38431

ERPNext v15.103.1 and before is vulnerable to Server-Side Template Injection SSTI. An attacker with permission to create or edit email templates can inject template expressions that are executed on the server when the template is rendered...

9.8CVSS0.0039EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/05 12:31 p.m.7 views

EUVD-2023-60566

Frappe Framework ERPNext 13.4.0 contains a sandbox escape vulnerability in RestrictedPython that allows authenticated users with System Manager role to execute arbitrary code by exploiting frame introspection. Attackers can create a server script via the /app/server-script endpoint and access the...

8.8CVSS6.2AI score0.00609EPSS
Exploits1References9
NVD
NVD
added 2026/05/05 12:16 p.m.45 views

CVE-2023-54345

Frappe Framework ERPNext 13.4.0 contains a sandbox escape vulnerability in RestrictedPython that allows authenticated users with System Manager role to execute arbitrary code by exploiting frame introspection. Attackers can create a server script via the /app/server-script endpoint and access the...

8.8CVSS0.00609EPSS
Exploits1References8
Cvelist
Cvelist
added 2026/05/05 11:24 a.m.51 views

CVE-2023-54345 Frappe Framework ERPNext 13.4.0 Remote Code Execution

Frappe Framework ERPNext 13.4.0 contains a sandbox escape vulnerability in RestrictedPython that allows authenticated users with System Manager role to execute arbitrary code by exploiting frame introspection. Attackers can create a server script via the /app/server-script endpoint and access the...

8.8CVSS0.00609EPSS
Exploits1References8
ATTACKERKB
ATTACKERKB
added 2026/05/05 11:24 a.m.4 views

CVE-2023-54345

Frappe Framework ERPNext 13.4.0 contains a sandbox escape vulnerability in RestrictedPython that allows authenticated users with System Manager role to execute arbitrary code by exploiting frame introspection. Attackers can create a server script via the /app/server-script endpoint and access the...

8.8CVSS6.2AI score0.00609EPSS
Exploits1References8Affected Software1
CVE
CVE
added 2026/05/05 11:24 a.m.29 views

CVE-2023-54345

The CVE-2023-54345 entry concerns Frappe Framework ERPNext 13.4.0. A sandbox-escape flaw in RestrictedPython allows authenticated users with the System Manager role to execute arbitrary code by exploiting frame introspection. Attackers can create a server script via /app/server-script and access ...

8.8CVSS6.2AI score0.00609EPSS
Exploits1References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/05 12:0 a.m.4 views

CVE-2026-38432

ERPNext v15.103.1 and before is vulnerable to Cross Site Scripting XSS in the Email Template engine. An attacker with permission to create or edit email templates can inject malicious JavaScript code that are executed on the victim's browser when the template is applied...

5.9AI score0.00175EPSS
Exploits1References2
CVE
CVE
added 2026/05/05 12:0 a.m.16 views

CVE-2026-38432

ERPNext v15.103.1 and earlier is vulnerable to Cross Site Scripting (XSS) in the Email Template engine. Affected component: Email Template engine. Root cause: an attacker with permission to create or edit email templates can inject malicious JavaScript that executes in the victim’s browser when t...

6.1CVSS5.9AI score0.00175EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/05/05 12:0 a.m.43 views

CVE-2026-38432

ERPNext v15.103.1 and before is vulnerable to Cross Site Scripting XSS in the Email Template engine. An attacker with permission to create or edit email templates can inject malicious JavaScript code that are executed on the victim's browser when the template is applied...

0.00175EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/05 12:0 a.m.39 views

CVE-2026-38431

ERPNext v15.103.1 and before is vulnerable to Server-Side Template Injection SSTI. An attacker with permission to create or edit email templates can inject template expressions that are executed on the server when the template is rendered...

0.0039EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/05 12:0 a.m.3 views

CVE-2026-38431

ERPNext v15.103.1 and before is vulnerable to Server-Side Template Injection SSTI. An attacker with permission to create or edit email templates can inject template expressions that are executed on the server when the template is rendered...

5.8AI score0.0039EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.12 views

PT-2026-37088

Name of the Vulnerable Software and Affected Versions ERPNext versions prior to 15.103.2 Description Server-Side Template Injection SSTI occurs when an attacker with permissions to create or edit email templates injects template expressions. These expressions are executed on the server during the...

9.8CVSS5.8AI score0.0039EPSS
Exploits1References8
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.9 views

ERPNext 安全漏洞

ERPNext is a set of open-source enterprise resource planning solutions developed by the Indian company ERPNext. Versions of ERPNext prior to v15.103.1 contained security vulnerabilities. These vulnerabilities were caused by server-side template injection. Attackers who had access to create or edi...

9.8CVSS5.8AI score0.0039EPSS
Exploits1References2
CVE
CVE
added 2026/05/05 12:0 a.m.14 views

CVE-2026-38431

ERPNext v15.103.1 and earlier is vulnerable to Server-Side Template Injection (SSTI) in email templates. An attacker with permission to create or edit email templates can inject template expressions that are executed on the server when the template renders, leading to potential full impact on con...

9.8CVSS5.8AI score0.0039EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/05 12:0 a.m.8 views

CVE-2026-38432

ERPNext v15.103.1 and before is vulnerable to Cross Site Scripting XSS in the Email Template engine. An attacker with permission to create or edit email templates can inject malicious JavaScript code that are executed on the victim's browser when the template is applied...

5.9AI score0.00175EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/05 12:0 a.m.6 views

CVE-2026-38431

ERPNext v15.103.1 and before is vulnerable to Server-Side Template Injection SSTI. An attacker with permission to create or edit email templates can inject template expressions that are executed on the server when the template is rendered...

5.8AI score0.0039EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.11 views

PT-2026-37089

Name of the Vulnerable Software and Affected Versions ERPNext versions prior to 15.103.2 Description The Email Template engine allows an attacker with permissions to create or edit email templates to inject malicious JavaScript code. This code is executed in the victim's browser when the template...

6.1CVSS5.9AI score0.00175EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.12 views

ERPNext 安全漏洞

ERPNext is a set of open-source enterprise resource planning solutions developed by the Indian company ERPNext. Versions of ERPNext prior to v15.103.1 contained security vulnerabilities. These vulnerabilities stemmed from cross-site scripting in the email template engine. Attackers with permissio...

6.1CVSS5.7AI score0.00175EPSS
Exploits1References2
Rows per page
Query Builder