CVE-2025-52896

CVE-2025-52896 affects Frappe (full‑stack web app framework). Prior to versions 14.94.2 and 15.57.0, authenticated users could upload crafted files via Data Import, causing cross‑site scripting (XSS). The issue is patched in 14.94.2 and 15.57.0; upgrade is the recommended remediation. No public w...