CVE-2022-23058
ERPNext (versions v12.0.9–v13.0.3) is affected by a stored XSS in the username field under My Settings. The vulnerability allows low-privileged users to inject malicious scripts, potentially leading to full account takeover. The available sources confirm the affected versions and the stored XSS v...