ERPNext Exposure
Category: CMS
Exposure score: 28
Sites using it: 341
In exploitation: 0
Critical: 2
CVEs
17 results
CVE-2020-6145 | MEDIUM | An SQL injection vulnerability exists in the frappe.desk.reportview.get functionality of ERPNext 11.1.38. A specially crafted HTTP request c | EPSS 1.8%
CVE-2018-3883 | MEDIUM | An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL | EPSS 0.9%
CVE-2018-3884 | MEDIUM | An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL | EPSS 0.9%
CVE-2018-3885 | MEDIUM | An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL | EPSS 0.9%
CVE-2022-23056 | — | ERPNext - Stored XSS leads to account takeover | EPSS 0.8%
CVE-2026-44440 | MEDIUM | ERPNext: Path Traversal Leading to Sensitive File Exposure | EPSS 0.4%
CVE-2026-27471 | CRITICAL | ERP: Document access through endpoints due to missing validation | EPSS 0.3%
CVE-2026-32954 | HIGH | ERP has a possibility SQL Injection vulnerability due to missing validation | EPSS 0.3%
CVE-2026-44447 | HIGH | ERPNext: Possibility of SQL Injection due to missing validation | EPSS 0.3%
CVE-2025-58439 | HIGH | ERP: Possibility of SQL injection due to missing validation | EPSS 0.3%
CVE-2026-44442 | CRITICAL | ERPNext: Unauthorised Document modification due to missing validation | EPSS 0.3%
CVE-2026-44446 | HIGH | ERPNext: Possibility of SQL Injection due to missing validation | EPSS 0.3%
CVE-2026-42839 | MEDIUM | ERPNext 16.16.0 - Stored XSS in POS cart item rendering | EPSS 0.3%
CVE-2026-42840 | MEDIUM | ERPNext 16.16.0 - Stored XSS in POS customer section via unescaped template literals | EPSS 0.2%
CVE-2026-44445 | MEDIUM | ERPNext: XML External Entity (XEE) Reference Vulnerability in the EDI Module | EPSS 0.2%
CVE-2026-44441 | MEDIUM | ERPNext: Possible SSRF by any authenticated user | EPSS 0.2%
CVE-2026-44448 | MEDIUM | ERPNext: Unauthorised Document modification due to missing validation | EPSS 0.1%