CVE-2019-20519

ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the user/ URI, as demonstrated by a crafted e-mail address.

Date published : 2020-03-19

https://www.netsparker.com/web-applications-advisories/ns-19-017-cross-site-scripting-in-erpnext/