Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
frappe erpnext vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2019-20518
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the project/ URI.
Frappe Erpnext 11.1.47
4.3
CVSSv2
CVE-2019-20519
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the user/ URI, as demonstrated by a crafted e-mail address.
Frappe Erpnext 11.1.47
4.3
CVSSv2
CVE-2019-20520
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/method/ URI.
Frappe Erpnext 11.1.47
4.3
CVSSv2
CVE-2019-20521
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/ URI.
Frappe Erpnext 11.1.47
4.3
CVSSv2
CVE-2019-20511
ERPNext 11.1.47 allows blog?blog_category= Frame Injection.
Frappe Erpnext 11.1.47
5
CVSSv2
CVE-2018-20061
A SQL injection issue exists in ERPNext 10.x and 11.x up to and including 11.0.3-beta.29. This attack is only available to a logged-in user; however, many ERPNext sites allow account creation via the web. No special privileges are needed to conduct the attack. By calling a JavaSc...
Frappe Erpnext
Frappe Erpnext 11.0.3
4.3
CVSSv2
CVE-2018-11339
An XSS issue exists in Frappe ERPNext v11.x.x-develop b1036e5 via a comment.
Frappe Erpnext 11.x.x-develop B1036e5
1 EDB exploit
6.5
CVSSv2
CVE-2017-1000120
[ERPNext][Frappe Version <= 7.1.27] SQL injection vulnerability in frappe.share.get_users allows remote authenticated users to execute arbitrary SQL commands via the fields parameter.
Frappe Frappe
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2018-25103
CVE-2024-36279
CVE-2024-38457
elevation of privilege
CVE-2024-27801
CVE-2024-30103
NULL pointer dereference
CVE-2024-6057
XML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2