erxes (npm)

4 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting erxes
- CVE-2021-32853 | MEDIUM | CVSS 6.1 | EG 6.1 | 2023-02-20
  Erxes, an experience operating system (XOS) with a set of plugins, is vulnerable to cross-site scripting in versions 0.22.3 and prior. This results in client-side code execution. The victim must follow a malicious link or be redirected the…
- CVE-2024-57186 | MEDIUM | CVSS 5.4 | EG 5.4 | Fixed in 1.6.2 | 2025-06-10
  In Erxes <1.6.2, an unauthenticated attacker can read arbitrary files from the system using a Path Traversal vulnerability in the /read-file endpoint handler.
- CVE-2024-57189 | MEDIUM | CVSS 5.4 | EG 5.4 | Fixed in 1.6.2 | 2025-06-10
  In Erxes <1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler.
- CVE-2024-57190 | CRITICAL | CVSS 9.8 | EG 9.8 | Fixed in 1.6.1 | 2025-06-10
  Erxes <1.6.1 is vulnerable to Incorrect Access Control. An attacker can bypass authentication by providing a "User" HTTP header that contains any user, allowing them to talk to any GraphQL endpoint.