CVE-2022-23056

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-23056
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-23056.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-23056
Published
2022-06-22T08:15:07.410Z
Modified
2025-11-14T12:57:00.809739Z
Summary
[none]
Details

In ERPNext, versions v13.0.0-beta.13 through v13.30.0 are vulnerable to stored XSS on the Patient History page, which allows a low-privilege user to conduct an account takeover attack.

References

Affected packages

Git / github.com/frappe/erpnext

Affected ranges

Type
GIT
Repo
https://github.com/frappe/erpnext
Events

Affected versions

v13.*

v13.0.1
v13.0.2
v13.1.0
v13.1.1
v13.10.0
v13.10.1
v13.10.2
v13.11.0
v13.11.1
v13.12.0
v13.12.1
v13.13.0
v13.14.0
v13.14.1
v13.15.0
v13.15.1
v13.15.2
v13.16.0
v13.16.1
v13.17.0
v13.18.0
v13.19.0
v13.2.0
v13.2.1
v13.20.0
v13.20.1
v13.21.0
v13.21.1
v13.22.0
v13.22.1
v13.23.0
v13.23.1
v13.23.2
v13.23.3
v13.24.0
v13.25.0
v13.25.1
v13.25.2
v13.26.0
v13.27.0
v13.27.1
v13.28.0
v13.29.0
v13.29.1
v13.29.2
v13.3.0
v13.3.1
v13.4.0
v13.4.1
v13.5.0
v13.5.1
v13.5.2
v13.6.0
v13.7.0
v13.7.1
v13.8.0
v13.9.0
v13.9.1
v13.9.2