Vulnerabilities
Vulnerable Software
Frappe:  Security Vulnerabilities
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the address/ URI.
CVSS Score
7.4
EPSS Score
0.008
Published
2020-03-19
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the addresses/ URI.
CVSS Score
7.4
EPSS Score
0.008
Published
2020-03-19
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the blog/ URI.
CVSS Score
7.4
EPSS Score
0.008
Published
2020-03-19
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the contact/ URI.
CVSS Score
7.4
EPSS Score
0.008
Published
2020-03-19
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the project/ URI.
CVSS Score
7.4
EPSS Score
0.008
Published
2020-03-19
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the user/ URI, as demonstrated by a crafted e-mail address.
CVSS Score
7.4
EPSS Score
0.008
Published
2020-03-19
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/method/ URI.
CVSS Score
7.4
EPSS Score
0.008
Published
2020-03-19
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/ URI.
CVSS Score
7.4
EPSS Score
0.008
Published
2020-03-19
ERPNext 11.1.47 allows blog?blog_category= Frame Injection.
CVSS Score
4.7
EPSS Score
0.007
Published
2020-03-18
In core/doctype/prepared_report/prepared_report.py in Frappe 11 and 12, data files generated with Prepared Report were being stored as public files (no authentication is required to access; having a link is sufficient) instead of private files.
CVSS Score
7.5
EPSS Score
0.013
Published
2020-03-18


Contact Us

Shodan ® - All rights reserved