Vulnerabilities > Frappe > Erpnext > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-03-18 CVE-2019-20511 Cross-site Scripting vulnerability in Frappe Erpnext 11.1.47
ERPNext 11.1.47 allows blog?blog_category= Frame Injection.
network
frappe CWE-79
4.3
2018-12-11 CVE-2018-20061 SQL Injection vulnerability in Frappe Erpnext
A SQL injection issue was discovered in ERPNext 10.x and 11.x through 11.0.3-beta.29.
network
low complexity
frappe CWE-89
5.0
2018-05-22 CVE-2018-11339 Cross-site Scripting vulnerability in Frappe Erpnext 11.X.Xdevelopb1036E5
An XSS issue was discovered in Frappe ERPNext v11.x.x-develop b1036e5 via a comment.
network
frappe CWE-79
4.3