Press 跨站脚本漏洞

Press is a custom application developed by Frappe, based on the Frappe Cloud platform. Press has a cross-site scripting vulnerability, which stems from the redirection parameters on the login page, making them susceptible to reflection-type cross-site scripting attacks...

Press 跨站请求伪造漏洞

Press is a custom application developed by Frappe that runs Frappe Cloud. Press has a cross-site request forgeing vulnerability. This vulnerability stems from the press.api.account.createapisecret endpoint, which is vulnerable to CSRF attacks. This endpoint can be accessed via a GET request and...

Press 安全漏洞

Press is a Frappe open source Frappe custom application running Frappe Cloud. A security vulnerability exists in Press, which originates from an attacker being able to send repeated invitations resulting in the user's inbox being flooded...

Press 授权问题漏洞

Press is a Frappe open source Frappe custom application running Frappe Cloud. Press suffers from an authorization issue vulnerability that stems from allowing anyone with the right to bypass 2FA access to a mailbox to reset the password...

PT-2024-34165 · Frappe · Press

Name of the Vulnerable Software and Affected Versions: Press versions prior to the version containing commit ba0007c28ac814260f836849bc07d29beea7deb6 Description: The issue concerns a password reset vulnerability in Press, a custom app for Frappe Cloud that manages various services including...