ERPNext - Stored XSS in My Settings

ERPNext in versions v12.0.9-v13.0.3 are affected by a stored XSS vulnerability that allows low privileged users to store malicious scripts in the ‘username’ field in ‘my settings’ which can lead to full account takeover.

N/A

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

ERPNext 跨站脚本漏洞

ERPNext是印度ERPNext公司的一套开源的企业资源计划解决方案。 ERPNext v12.0.9-v13.0.3版本存在跨站脚本漏洞，该漏洞源于允许低权限用户将恶意脚本存储在“my settings”中的“username”字段中，这可能导致完全帐户接管。

N/A

N/A