Lucene search
K

5 matches found

Packet Storm
Packet Storm
added 2025/05/06 12:0 a.m.100 views

📄 ERPNext 14.82.1 Cross Site Request Forgery

ERPNext versions 14.82.1 and below suffer from a cross site request forgery vulnerability. Exploit Title: ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery CSRF Google Dork: inurl:"/api/method/frappe" Date: 2025-04-29 Exploit Author: Ahmed Thaiban Thvt0ne Vendor Homepage:...

8.1CVSS7AI score0.00759EPSS
Exploits3
Circl
Circl
added 2025/05/05 8:3 p.m.18 views

CVE-2025-28062

creationtimestamp| type| source ---|---|--- 2025-05-05 20:03:55+00:00| seen| https://t.me/cvedetector/24475 2025-05-07 21:02:22+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lomcacts522k 2025-05-13 19:31:08+00:00| published-proof-of-concept|...

8.1CVSS4.8AI score0.00759EPSS
Exploits3References3
Vulnrichment
Vulnrichment
added 2025/05/05 12:0 a.m.8 views

CVE-2025-28062

A Cross-Site Request Forgery CSRF vulnerability was discovered in ERPNEXT 14.82.1 and 14.74.3. The vulnerability allows an attacker to perform unauthorized actions such as user deletion, password resets, and privilege escalation due to missing CSRF protections...

7.1AI score0.00759EPSS
Exploits3References2
CVE
CVE
added 2025/05/05 12:0 a.m.67 views

CVE-2025-28062

CVE-2025-28062 is a CSRF vulnerability in ERPNext versions 14.82.1 and 14.74.3. The issue arises from missing CSRF protections on critical administrative API endpoints (e.g., /api/method/frappe.desk.reportview.delete_items and /api/method/frappe.desk.form.save.savedocs), enabling an authenticated...

8.1CVSS7.5AI score0.00759EPSS
Exploits3References2Affected Software1
Cvelist
Cvelist
added 2025/05/05 12:0 a.m.19 views

CVE-2025-28062

A Cross-Site Request Forgery CSRF vulnerability was discovered in ERPNEXT 14.82.1 and 14.74.3. The vulnerability allows an attacker to perform unauthorized actions such as user deletion, password resets, and privilege escalation due to missing CSRF protections...

0.00759EPSS
Exploits3References2
Rows per page
Query Builder