CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-23058

ERPNext in versions v12.0.9-v13.0.3 are affected by a stored XSS vulnerability that allows low privileged users to store malicious scripts in the ‘username’ field in ‘my settings’ which can lead to full account takeover.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 45.4%

CVSS Severity

CVSS v2 Score 3.5

References

Products affected by CVE-2022-23058

Frappe » Erpnext » Version: 12.0.9

cpe:2.3:a:frappe:erpnext:12.0.9
Frappe » Erpnext » Version: 12.1.0

cpe:2.3:a:frappe:erpnext:12.1.0
Frappe » Erpnext » Version: 12.1.1

cpe:2.3:a:frappe:erpnext:12.1.1
Frappe » Erpnext » Version: 12.1.2

cpe:2.3:a:frappe:erpnext:12.1.2
Frappe » Erpnext » Version: 12.1.3

cpe:2.3:a:frappe:erpnext:12.1.3
Frappe » Erpnext » Version: 12.1.4

cpe:2.3:a:frappe:erpnext:12.1.4
Frappe » Erpnext » Version: 12.1.5

cpe:2.3:a:frappe:erpnext:12.1.5
Frappe » Erpnext » Version: 12.1.6

cpe:2.3:a:frappe:erpnext:12.1.6
Frappe » Erpnext » Version: 12.1.7

cpe:2.3:a:frappe:erpnext:12.1.7
Frappe » Erpnext » Version: 12.1.8

cpe:2.3:a:frappe:erpnext:12.1.8
Frappe » Erpnext » Version: 12.10.0

cpe:2.3:a:frappe:erpnext:12.10.0
Frappe » Erpnext » Version: 12.10.1

cpe:2.3:a:frappe:erpnext:12.10.1
Frappe » Erpnext » Version: 12.11.0

cpe:2.3:a:frappe:erpnext:12.11.0
Frappe » Erpnext » Version: 12.11.1

cpe:2.3:a:frappe:erpnext:12.11.1
Frappe » Erpnext » Version: 12.11.2

cpe:2.3:a:frappe:erpnext:12.11.2
Frappe » Erpnext » Version: 12.12.0

cpe:2.3:a:frappe:erpnext:12.12.0
Frappe » Erpnext » Version: 12.12.1

cpe:2.3:a:frappe:erpnext:12.12.1
Frappe » Erpnext » Version: 12.13.0

cpe:2.3:a:frappe:erpnext:12.13.0
Frappe » Erpnext » Version: 12.14.0

cpe:2.3:a:frappe:erpnext:12.14.0
Frappe » Erpnext » Version: 12.15.0

cpe:2.3:a:frappe:erpnext:12.15.0
Frappe » Erpnext » Version: 12.16.0

cpe:2.3:a:frappe:erpnext:12.16.0
Frappe » Erpnext » Version: 12.16.1

cpe:2.3:a:frappe:erpnext:12.16.1
Frappe » Erpnext » Version: 12.16.2

cpe:2.3:a:frappe:erpnext:12.16.2
Frappe » Erpnext » Version: 12.17.0

cpe:2.3:a:frappe:erpnext:12.17.0
Frappe » Erpnext » Version: 12.18.0

cpe:2.3:a:frappe:erpnext:12.18.0
Frappe » Erpnext » Version: 12.19.0

cpe:2.3:a:frappe:erpnext:12.19.0
Frappe » Erpnext » Version: 12.2.0

cpe:2.3:a:frappe:erpnext:12.2.0
Frappe » Erpnext » Version: 12.2.1

cpe:2.3:a:frappe:erpnext:12.2.1
Frappe » Erpnext » Version: 12.2.2

cpe:2.3:a:frappe:erpnext:12.2.2
Frappe » Erpnext » Version: 12.2.3

cpe:2.3:a:frappe:erpnext:12.2.3
Frappe » Erpnext » Version: 12.20.0

cpe:2.3:a:frappe:erpnext:12.20.0
Frappe » Erpnext » Version: 12.21.0

cpe:2.3:a:frappe:erpnext:12.21.0
Frappe » Erpnext » Version: 12.23.0

cpe:2.3:a:frappe:erpnext:12.23.0
Frappe » Erpnext » Version: 12.24.0

cpe:2.3:a:frappe:erpnext:12.24.0
Frappe » Erpnext » Version: 12.25.0

cpe:2.3:a:frappe:erpnext:12.25.0
Frappe » Erpnext » Version: 12.26.0

cpe:2.3:a:frappe:erpnext:12.26.0
Frappe » Erpnext » Version: 12.27.0

cpe:2.3:a:frappe:erpnext:12.27.0
Frappe » Erpnext » Version: 12.28.0

cpe:2.3:a:frappe:erpnext:12.28.0
Frappe » Erpnext » Version: 12.29.0

cpe:2.3:a:frappe:erpnext:12.29.0
Frappe » Erpnext » Version: 12.3.0

cpe:2.3:a:frappe:erpnext:12.3.0
Frappe » Erpnext » Version: 12.3.1

cpe:2.3:a:frappe:erpnext:12.3.1
Frappe » Erpnext » Version: 12.30.0

cpe:2.3:a:frappe:erpnext:12.30.0
Frappe » Erpnext » Version: 12.30.1

cpe:2.3:a:frappe:erpnext:12.30.1
Frappe » Erpnext » Version: 12.4.0

cpe:2.3:a:frappe:erpnext:12.4.0
Frappe » Erpnext » Version: 12.4.1

cpe:2.3:a:frappe:erpnext:12.4.1
Frappe » Erpnext » Version: 12.4.2

cpe:2.3:a:frappe:erpnext:12.4.2
Frappe » Erpnext » Version: 12.4.3

cpe:2.3:a:frappe:erpnext:12.4.3
Frappe » Erpnext » Version: 12.5.0

cpe:2.3:a:frappe:erpnext:12.5.0
Frappe » Erpnext » Version: 12.5.1

cpe:2.3:a:frappe:erpnext:12.5.1
Frappe » Erpnext » Version: 12.5.2

cpe:2.3:a:frappe:erpnext:12.5.2
Frappe » Erpnext » Version: 12.6.0

cpe:2.3:a:frappe:erpnext:12.6.0
Frappe » Erpnext » Version: 12.7.0

cpe:2.3:a:frappe:erpnext:12.7.0
Frappe » Erpnext » Version: 12.7.1

cpe:2.3:a:frappe:erpnext:12.7.1
Frappe » Erpnext » Version: 12.8.0

cpe:2.3:a:frappe:erpnext:12.8.0
Frappe » Erpnext » Version: 12.9.0

cpe:2.3:a:frappe:erpnext:12.9.0
Frappe » Erpnext » Version: 12.9.1

cpe:2.3:a:frappe:erpnext:12.9.1
Frappe » Erpnext » Version: 12.9.2

cpe:2.3:a:frappe:erpnext:12.9.2
Frappe » Erpnext » Version: 12.9.3

cpe:2.3:a:frappe:erpnext:12.9.3
Frappe » Erpnext » Version: 12.9.4

cpe:2.3:a:frappe:erpnext:12.9.4
Frappe » Erpnext » Version: 13.0.0

cpe:2.3:a:frappe:erpnext:13.0.0
Frappe » Erpnext » Version: 13.0.1

cpe:2.3:a:frappe:erpnext:13.0.1
Frappe » Erpnext » Version: 13.0.2

cpe:2.3:a:frappe:erpnext:13.0.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-23058

Products

Pricing

Contact Us