Skip to content
cyberMEDIUM2026-05-05 17:17 UTC

CVE-2026-38432 - ERPNext Cross Site Scripting (XSS) Vulnerability

CVE ID :CVE-2026-38432 Published : May 5, 2026, 5:17 p.m. | 1 hour, 37 minutes ago Description :ERPNext v15.103.1 and before is vulnerable to Cross Site Scripting (XSS) in the Email Template engine. An attacker with permission to create or edit email templates can inject malicious JavaScript c

ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD

Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.

GET THE SUNDAY BRIEFING →

RELATED · cyber

Editorial policy · Report a correction