PT-2022-15815 · Erpnext · Erpnext
Name of the Vulnerable Software and Affected Versions: ERPNext versions v11.0.0-beta through v13.0.2 Description: The issue concerns missing authorization in the chat rooms functionality. A low-privileged attacker can send direct or group messages to any member or group, impersonating themselves ...