CVE-2019-20521: XSS
First published: Thu Mar 19 2020(Updated: )
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/ URI.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Frappe ERPNext | =11.1.47 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this ERPNext version?
The vulnerability ID for this ERPNext version is CVE-2019-20521.
What is the severity level of CVE-2019-20521?
The severity level of CVE-2019-20521 is high, with a severity value of 6.1.
What is the affected software and version of CVE-2019-20521?
The affected software is Frappe ERPNext version 11.1.47.
What type of vulnerability is CVE-2019-20521?
CVE-2019-20521 is a reflected XSS vulnerability via the PATH_INFO to the api/ URI.
Is there a reference link for more information on CVE-2019-20521?
Yes, you can find more information on CVE-2019-20521 at the following link: [netsparker.com](https://www.netsparker.com/web-applications-advisories/ns-19-017-cross-site-scripting-in-erpnext/)
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/frappe
- canonical/frappe erpnext
- version/frappe erpnext/11.1.47