Note: This project will be discontinued after December 13, 2021.
Product: Erpnext (Frappe)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 17 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-03-19 | CVE-2019-20521 | ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/ URI. | Erpnext | N/A | ||
2020-03-19 | CVE-2019-20520 | ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/method/ URI. | Erpnext | N/A | ||
2020-03-19 | CVE-2019-20519 | ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the user/ URI, as demonstrated by a crafted e-mail address. | Erpnext | N/A | ||
2020-03-19 | CVE-2019-20518 | ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the project/ URI. | Erpnext | N/A | ||
2020-03-19 | CVE-2019-20517 | ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the contact/ URI. | Erpnext | N/A | ||
2020-03-19 | CVE-2019-20516 | ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the blog/ URI. | Erpnext | N/A | ||
2020-03-19 | CVE-2019-20515 | ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the addresses/ URI. | Erpnext | N/A | ||
2020-03-19 | CVE-2019-20514 | ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the address/ URI. | Erpnext | N/A | ||
2018-12-11 | CVE-2018-20061 | A SQL injection issue was discovered in ERPNext 10.x and 11.x through 11.0.3-beta.29. This attack is only available to a logged-in user; however, many ERPNext sites allow account creation via the web. No special privileges are needed to conduct the attack. By calling a JavaScript function that calls a server-side Python function with carefully chosen arguments, a SQL attack can be carried out which allows SQL queries to be constructed to return any columns from any tables in the database.... | Erpnext | 7.5 | ||
2018-05-21 | CVE-2018-11339 | An XSS issue was discovered in Frappe ERPNext v11.x.x-develop b1036e5 via a comment. | Erpnext | 6.1 | ||