CVE-2019-20514

Name of the Vulnerable Software and Affected Versions ERPNext version 11.1.47

Description The issue allows reflected XSS via the PATH INFO to the address/ URI. This can be exploited by manipulating the PATH INFO variable in the request.

Recommendations For ERPNext version 11.1.47, consider restricting access to the vulnerable URI to minimize the risk of exploitation. As a temporary workaround, avoid using the PATH INFO variable in the affected address/ URI until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.