5 matches found
CVE-2025-52048
In Frappe 15.x.x before 15.72.0 and 14.x.x before 14.96.10, in the function addtag at frappe/desk/doctype/tag/tag.py is vulnerable to SQL Injection, which allows an attacker to extract information from databases by injecting a SQL query into the dt parameter...
CVE-2025-52048
In Frappe 15.x.x before 15.72.0 and 14.x.x before 14.96.10, in the function addtag at frappe/desk/doctype/tag/tag.py is vulnerable to SQL Injection, which allows an attacker to extract information from databases by injecting a SQL query into the dt parameter...
Frappe Technologies Frappe 安全漏洞
Frappe Technologies Frappe is a Python, Mariadb-based web development framework with integrated front-end pages from Frappe Technologies, India. A security vulnerability exists in Frappe Technologies Frappe versions prior to 15.72.0 and 14.96.10, which stems from the improper handling of the...
CVE-2023-38973
A stored cross-site scripting XSS vulnerability in the Add Tag function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter...
Cross site scripting
A stored cross-site scripting XSS vulnerability in the Add Tag function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter...