Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
In ERPNext v15.83.2 and Frappe Framework v15.86.0, improper validation of uploaded SVG avatar images allows attackers to embed malicious JavaScript. The payload executes when an administrator clicks the image link to view the avatar, resulting in stored cross-site scripting (XSS). Successful exploitation may lead to account takeover, privilege escalation, or full compromise of the affected ERPNext instance.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ERPNext and Frappe Technologies Frappe Framework Security Vulnerability
Vulnerability Description
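Frappe Technologies Frappe Framework is a metadata-driven full-stack web application framework based on Python and JavaScript, developed by the Indian company Frappe Technologies. ERPNext is an open-source enterprise resource planning solution from the Indian company ERPNext. ERPNext v15.83.2 and Frappe Technologies Frappe Framework v15.86.0 contain a security vulnerability that stems from improper validation of uploaded SVG avatar images and may lead to stored cross-site scripting.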
CVSS Information
N/A
Vulnerability Type
N/A