RSS   Podatności dla 'Erpnext'   RSS

2020-08-10
 
CVE-2020-6145

CWE-89
 
 
An SQL injection vulnerability exists in the frappe.desk.reportview.get functionality of ERPNext 11.1.38. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

 
2020-03-19
 
CVE-2019-20521

CWE-79
 
 
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/ URI.

 
 
CVE-2019-20520

CWE-79
 
 
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/method/ URI.

 
 
CVE-2019-20519

CWE-79
 
 
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the user/ URI, as demonstrated by a crafted e-mail address.

 
 
CVE-2019-20518

CWE-79
 
 
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the project/ URI.

 
 
CVE-2019-20517

CWE-79
 
 
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the contact/ URI.

 
 
CVE-2019-20516

CWE-79
 
 
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the blog/ URI.

 
 
CVE-2019-20515

CWE-79
 
 
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the addresses/ URI.

 
 
CVE-2019-20514

CWE-79
 
 
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the address/ URI.

 
2020-03-18
 
CVE-2019-20511

CWE-74
 
 
ERPNext 11.1.47 allows blog?blog_category= Frame Injection.

 

Copyright 2024, cxsecurity.com

 

Back to Top