CVE-2019-20519: XSS
First published: Thu Mar 19 2020(Updated: )
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the user/ URI, as demonstrated by a crafted e-mail address.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Frappe ERPNext | =11.1.47 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this ERPNext version?
The vulnerability ID for ERPNext version 11.1.47 is CVE-2019-20519.
How does this vulnerability occur?
This vulnerability occurs due to a reflected XSS via the PATH_INFO to the user/ URI.
What is the severity of CVE-2019-20519?
The severity of CVE-2019-20519 is high with a CVSS score of 6.1.
How can this vulnerability be exploited?
This vulnerability can be exploited by crafting a malicious e-mail address.
Is there a fix available for this vulnerability?
Yes, it is recommended to upgrade to a fixed version of ERPNext.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/type
- agent/event
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/frappe
- canonical/frappe erpnext
- version/frappe erpnext/11.1.47