Stored XSS Vulnerability in ERPNext v15.53.1 Allows Script Execution via user_image Field
Malware and Vulnerabilities
June 04, 2025
seclists
A stored cross-site scripting (XSS) vulnerability has been identified in ERPNext v15.53.1. The flaw resides in the `user_image` field of the user profile page, where an authenticated user can inject malicious JavaScript.
ERPNext
Cross Site Scripting
User Image Field
JavaScript Injection
Web Application Security