CVE-2022-23056
published 2022-06-22


Priority: P4 | 15 | low | 3.5 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
EPSS: 0.79% (51.7th percentile)
In ERPNext, versions v13.0.0-beta.13 through v13.30.0 are vulnerable to Stored XSS at the Patient History page which allows a low privilege user to conduct an account takeover attack.

Affected

4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| erpnext | erpnext | unspecified – v13.30.0 | |
| erpnext | erpnext | >= v13.0.0-beta.13 < unspecified | unspecified |
| frappe | erpnext | | |
| frappe | erpnext | >= 13.0.1 < 13.30.0 | 13.30.0 |