CVE-2025-65923

{"id": "CVE-2025-65923", "cveTags": [], "metrics": {}, "published": "2026-02-03T18:16:15.700", "references": [{"url": "https://github.com/frappe/frappe_docker.git", "source": "cve@mitre.org"}], "vulnStatus": "Received", "descriptions": [{"lang": "en", "value": "A Stored Cross-Site Scripting (XSS) vulnerability was discovered within the CSV import mechanism of ERPNext thru 15.88.1 when using the Update Existing Recordsoption. An attacker can embed malicious JavaScript code into a CSV field, which is then stored in the database and executed whenever the affected record is viewed by a user within the ERPNext web interface. This exposure may allow an attacker to compromise user sessions or perform unauthorized actions under the context of a victim's account."}], "lastModified": "2026-02-03T18:16:15.700", "sourceIdentifier": "cve@mitre.org"}