ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the contact/ URI.

References

https://www.netsparker.com/web-applications-advisories/ns-19-017-cross-site-scripting-in-erpnext/