# Exploit Title: ERPnext 11.x.x - Cross-Site Scripting # Date: 2018-05-10 # Exploit Author: Veerababu Penugonda # Vendor Homepage: https://erpnext.com/ # Software Link: https://demo.erpnext.com/ # Version: Frappe ERPNext v11.x.x-develop # Tested on: Mozilla Firefox quantum 60.1 , Ubuntu OS # CVE : CVE-2018-11339 # 1. Description: # https://demo.erpnext.com/desk#Form/Asset%20Repair/ARLOG-000015 # and functionality aCommenta is vulnerable to XSS like Stored , # Reflected , Cookie , possible for more # 2. Payload : ">