CVE-2022-23056

CVE-2022-23056: ERPNext - Stored XSS leads to account takover

Vendor Erpnext
Product erpnext
Weakness CWE-79 · XSS
Published June 22, 2022
Last update September 17, 2024

CVSS base score

What the vulnerability does

01Description

In ERPNext, versions v13.0.0-beta.13 through v13.30.0 are vulnerable to Stored XSS at the Patient History page which allows a low privilege user to conduct an account takeover attack.

Key dates

02Disclosure timeline

June 22, 2022 CVE published
September 17, 2024 Record updated