CVE-2022-23058

CVE-2022-23058: ERPNext - Stored XSS in My Settings

Vendor: Frappe
Product: frappe
Weakness: CWE-79 (XSS)
Published: June 22, 2022
Last update: September 16, 2024

What the vulnerability does

01 Description

ERPNext versions v12.0.9 through v13.0.3 are affected by a stored XSS vulnerability that allows low-privileged users to store malicious scripts in the ‘username’ field in ‘my settings’, which can lead to full account takeover.

Key dates

02 Disclosure timeline

June 22, 2022: CVE published
September 16, 2024: Record updated