CVE-2022-28598
Frappe ERPNext 12.29.0 is vulnerable to XSS: the software does not neutralize, or incorrectly neutralizes, user-controllable input before it is placed in output that is used as a web page served to other users.
Affected products
n/a · n/a
Public PoCs found: 3
github: github.com/patrickdeanramos/CVE-2022-28598 (★ 0)
cve_reference: packetstormsecurity.com/files/171730/ERPNext-12.29-Cross-Site-Scripting.html (unverified)
exploitdb: www.exploit-db.com/exploits/51255 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.