exploitDog

CVE-2022-23058

Опубликовано: 22 июн. 2022

Источник: nvd

CVSS2: 3.5

EPSS Низкий

Описание

ERPNext in versions v12.0.9-v13.0.3 are affected by a stored XSS vulnerability that allows low privileged users to store malicious scripts in the ‘username’ field in ‘my settings’ which can lead to full account takeover.

Ссылки

https://github.com/frappe/frappe/commit/497ea861f481c6a3c52fe2aed9d0df1b6c99e9d7
Patch
Third Party Advisory
https://www.mend.io/vulnerability-database/CVE-2022-23058
Exploit
Patch
Third Party Advisory
https://github.com/frappe/frappe/commit/497ea861f481c6a3c52fe2aed9d0df1b6c99e9d7
Patch
Third Party Advisory
https://www.mend.io/vulnerability-database/CVE-2022-23058
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:frappe:erpnext:*:*:*:*:*:*:*:*

Версия от 12.0.9 (включая) до 13.1.0 (исключая)

EPSS

Процентиль: 47%

0.00238

Низкий

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-7vf8-fmww-vhhv

CVSS3: 5.4

github

больше 3 лет назад

ERPNext in versions v12.0.9-v13.0.3 are affected by a stored XSS vulnerability that allows low privileged users to store malicious scripts in the ‘username’ field in ‘my settings’ which can lead to full account takeover.

EPSS

Процентиль: 47%

0.00238

Низкий

3.5 Low

CVSS2

Дефекты

CWE-79