Home

Description

A stored cross-site scripting (XSS) vulnerability in the blog post feature of ERPNEXT v15.67.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the content field.

PUBLISHED Reserved 2025-08-16 | Published 2025-10-02 | Updated 2025-10-03 | Assigner mitre

References

github.com/MoAlali/

x.com/alaliksa_

www.linkedin.com/in/mohammedaloli/

github.com/MoAlali/CVE-2025-56379

cve.org (CVE-2025-56379)

nvd.nist.gov (CVE-2025-56379)

Download JSON