Vulnerabilities > Frappe > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-19 | CVE-2019-20519 | Cross-site Scripting vulnerability in Frappe Erpnext 11.1.47 ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the user/ URI, as demonstrated by a crafted e-mail address. | 6.1 |
| 2020-03-19 | CVE-2019-20518 | Cross-site Scripting vulnerability in Frappe Erpnext 11.1.47 ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the project/ URI. | 6.1 |
| 2020-03-19 | CVE-2019-20517 | Cross-site Scripting vulnerability in Frappe Erpnext 11.1.47 ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the contact/ URI. | 6.1 |
| 2020-03-19 | CVE-2019-20516 | Cross-site Scripting vulnerability in Frappe Erpnext 11.1.47 ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the blog/ URI. | 6.1 |
| 2020-03-19 | CVE-2019-20515 | Cross-site Scripting vulnerability in Frappe Erpnext 11.1.47 ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the addresses/ URI. | 6.1 |
| 2020-03-19 | CVE-2019-20514 | Cross-site Scripting vulnerability in Frappe Erpnext 11.1.47 ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the address/ URI. | 6.1 |
| 2020-03-18 | CVE-2019-20511 | Cross-site Scripting vulnerability in Frappe Erpnext 11.1.47 ERPNext 11.1.47 allows blog?blog_category= Frame Injection. | 6.1 |
| 2019-08-27 | CVE-2019-15700 | Cross-site Scripting vulnerability in Frappe public/js/frappe/form/footer/timeline.js in Frappe Framework 12 through 12.0.8 does not escape HTML in the timeline and thus is affected by crafted "changed value of" text. | 6.1 |
| 2019-08-12 | CVE-2019-14967 | Cross-site Scripting vulnerability in Frappe An issue was discovered in Frappe Framework 10, 11 before 11.1.46, and 12. | 6.1 |
| 2018-05-22 | CVE-2018-11339 | Cross-site Scripting vulnerability in Frappe Erpnext 11.X.Xdevelopb1036E5 An XSS issue was discovered in Frappe ERPNext v11.x.x-develop b1036e5 via a comment. | 6.1 |