CVE-2022-23057

Summary

In ERPNext, versions v12.0.9–v13.0.3 are vulnerable to Stored Cross-Site-Scripting (XSS), due to user input not being validated properly. A low privileged attacker could inject arbitrary code into input fields when editing his profile.

Affected Software

VendorProductVersion RangeStatus
frappefrappev12.0.9 < unspecifiedaffected
frappefrappeunspecified <= v13.0.3affected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CVE Program Container

Additional References

References