4 matches found
CVE-2026-50699
A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev. An authenticated attacker with write access to Auto Repeat can persist HTML/JavaScript in referencedocument using a whitelisted write path and trigger script execution when users open the affected Auto...
CVE-2026-50699 Frappe Framework 17.0.0-dev - Stored XSS in Auto Repeat dashboard schedule rendering
A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev. An authenticated attacker with write access to Auto Repeat can persist HTML/JavaScript in referencedocument using a whitelisted write path and trigger script execution when users open the affected Auto...
CVE-2026-50699
Summary: CVE-2026-50699 affects the Frappe Framework (version 17.0.0-dev) and concerns a Stored XSS in the Auto Repeat dashboard rendering. An attacker who has write access to Auto Repeat can persist HTML/JavaScript in the reference_document through a whitelisted write path. When users open the a...
EUVD-2026-38795
A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev. An authenticated attacker with write access to Auto Repeat can persist HTML/JavaScript in referencedocument using a whitelisted write path and trigger script execution when users open the affected Auto...