CVE-2026-38432

Published: May 05, 2026 Last Modified: May 05, 2026

Description

ERPNext v15.103.1 and before is vulnerable to Cross-Site Scripting (XSS) in the Email Template engine. An attacker with permission to create or edit email templates can inject malicious JavaScript code that is executed in the victim's browser when the template is applied.

https://c0wking.hashnode.dev/stored-xss-in-erpnext-frappe-email-template-engine