SSRF and Account Takeover via XSS in ERPNext (0-day)
ERPNext is a very popular open-source ERP (Enterprise Resource Planning) software built on Frappe Framework. Last December, we found two vulnerabilities in the latest version of ERPNext: SSRF (Server-Side Request Forgery) and account takeover via XSS. Both vulnerabilities require a low-privileged authenticated user to perform the attack.



