Lucene search

PRIOn knowledge basePRION:CVE-2024-24812

HistoryFeb 07, 2024 - 3:15 p.m.

Cross site scripting

2024-02-0715:15:00

PRIOn knowledge base

www.prio-n.com

frappe

web application

cross-site scripting

xss

python

mariadb

portal pages

vulnerability

patched.

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.3%

JSON

Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and a tightly integrated client side library. Prior to versions 14.59.0 and 15.5.0, portal pages are susceptible to Cross-Site Scripting (XSS) which can be used to inject malicious JS code if user clicks on a malicious link. This vulnerability has been patched in versions 14.59.0 and 15.5.0. No known workarounds are available.

CPENameOperatorVersion
frappege15.0.0
frappelt15.5.0
frappelt14.59.0

Name	Operator	Version
frappe	ge	15.0.0
frappe	lt	15.5.0
frappe	lt	14.59.0

References

github.com/frappe/frappe/releases/tag/v14.59.0

github.com/frappe/frappe/releases/tag/v15.5.0

github.com/frappe/frappe/security/advisories/GHSA-7p3m-h76m-hg9v