Erpnext · Erpnext · CVE-2025-56379
**Name of the Vulnerable Software and Affected Versions**
ERPNEXT version 15.67.0
**Description**
A stored cross-site scripting (XSS) issue exists in the blog post feature. An attacker can inject a crafted payload into the content field, potentially leading to the execution of arbitrary web scripts or HTML.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.