7 matches found
EUVD-2026-38807
A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Number Card component...
EUVD-2026-38806
A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to unsafe evaluation of user-controlled data in the Number Card component...
CVE-2026-50710
A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to unsafe evaluation of user-controlled data in the Number Card component...
CVE-2026-50711
A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Number Card component...
CVE-2026-50711
CVE-2026-50711 affects Frappe Framework (17.0.0-dev). A Stored XSS exists in the Number Card component due to improper neutralization of user-controlled input. The connected documents confirm the vulnerability but do not specify exploit details, affected versions beyond 17.0.0-dev, or remediation...
CVE-2026-50710
CVE-2026-50710 affects Frappe Framework 17.0.0-dev with a Stored XSS in the Number Card filters_config due to unsafe evaluation of user-controlled data. The root cause is evaluating user-provided data in the Number Card component, enabling script injection. Public references are to Fluid Attacks ...
CVE-2026-50710 Frappe Framework 17.0.0-dev - Stored XSS via eval in Number Card filters_config
A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to unsafe evaluation of user-controlled data in the Number Card component...