CVE-2022-23057
In ERPNext, versions v12.0.9–v13.0.3 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly. A low-privilege attacker could inject arbitrary code into input fields when editing a user’s profile. Root cause: unchecked/unsanitized input allowing script ex...