Erxes, an experience operating system (XOS) with a set of plugins, is vulnerable to cross-site scripting in versions 0.22.3 and prior. This results in client-side code execution. The victim must follow a malicious link or be redirected there from malicious web site. There are no known patches.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| erxes(npm) | 0 | N/A | N/A |
CVSS Metrics
