CVE-2019-20520 (erpnext)by Jeremyin Security Bulletinson Posted on March 23, 2020 ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/method/ URI.