Erpnext Security Vulnerabilities and Issues — Erpnext CVE List | Vulners.com

Lucene search

K

FrappeErpnext

9 matches found

CVE•added 2020/03/19 6:15 p.m.•49 views

CVE-2019-20521

ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/ URI.

7.4CVSS5.9AI score0.00344EPSS

CVE•added 2020/03/19 6:15 p.m.•45 views

CVE-2019-20514

ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the address/ URI.

7.4CVSS5.9AI score0.00344EPSS

CVE•added 2020/03/19 6:15 p.m.•40 views

CVE-2019-20515

ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the addresses/ URI.

7.4CVSS5.9AI score0.00344EPSS

CVE•added 2020/03/19 6:15 p.m.•34 views

CVE-2019-20518

ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the project/ URI.

7.4CVSS5.9AI score0.00344EPSS

CVE•added 2018/12/11 5:29 p.m.•32 views

CVE-2018-20061

A SQL injection issue was discovered in ERPNext 10.x and 11.x through 11.0.3-beta.29. This attack is only available to a logged-in user; however, many ERPNext sites allow account creation via the web. No special privileges are needed to conduct the attack. By calling a JavaScript function that call...

7.5CVSS7.8AI score0.00264EPSS

CVE•added 2020/03/19 6:15 p.m.•31 views

CVE-2019-20520

ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/method/ URI.

7.4CVSS5.9AI score0.00344EPSS

CVE•added 2020/03/19 6:15 p.m.•30 views

CVE-2019-20516

ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the blog/ URI.

7.4CVSS5.9AI score0.00344EPSS

CVE•added 2020/03/19 6:15 p.m.•30 views

CVE-2019-20517

ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the contact/ URI.

7.4CVSS5.9AI score0.00344EPSS

CVE•added 2020/03/19 6:15 p.m.•29 views

CVE-2019-20519

ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the user/ URI, as demonstrated by a crafted e-mail address.

7.4CVSS5.9AI score0.00344EPSS