CNNVD-202602-353 Information
Feb 03, 2026
cve
CNNVD ID
CNNVD-202602-353
Related CVE
- CNNVD Published: 2026-02-03
Description (Chinese)
ERPNext是印度ERPNext公司的一套开源的企业资源计划解决方案。 ERPNext 15.88.1及之前版本存在安全漏洞,该漏洞源于CSV导入机制对输入中和不当,可能导致存储型跨站脚本攻击。
Description (English)
ERPNext is an open-source enterprise resource plan solution for ERPNext in India. ERPNext 15.88.1 and previous versions contain a security loophole, which stems from the inappropriateness of the CSV import mechanism for input and may result in a storage-type cross-site script attack.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
ERPNext
Published
2026-02-03
Last Modified
2026-02-24
References
https://github.com/frappe/frappe_docker.git
Patch
https://github.com/frappe/frappe_docker/releases
Share on: