CVE-2022-23056
Published 2022-06-22
Priority: P4 · 15
CVSS 2.0: 3.5 (low)
CVSS 2.0 vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
EPSS: 0.79% (51.7th percentile)
In ERPNext, versions v13.0.0-beta.13 through v13.30.0 are vulnerable to Stored XSS at the Patient History page which allows a low privilege user to conduct an account takeover attack.
Affected (4 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| erpnext | erpnext | unspecified – v13.30.0 | — |
| erpnext | erpnext | >= v13.0.0-beta.13 < unspecified | unspecified |
| frappe | erpnext | — | — |
| frappe | erpnext | >= 13.0.1 < 13.30.0 | 13.30.0 |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References:
- https://github.com/frappe/erpnext/blob/21a3ea462aaf319e466c067c2ec406eb9abe6ed3/erpnext/healthcare/page/patient_history/patient_history.js#L288
- https://www.mend.io/vulnerability-database/CVE-2022-23056