13 matches found
CVE-2025-68928
Frappe CRM is an open-source customer relationship management tool. Prior to version 1.56.2, authenticated users could set crafted URLs in a website field, which were not sanitized, causing cross-site scripting. Version 1.56.2 fixes the issue. No known workarounds are available...
CVE-2025-68928
Frappe CRM is an open-source customer relationship management tool. Prior to version 1.56.2, authenticated users could set crafted URLs in a website field, which were not sanitized, causing cross-site scripting. Version 1.56.2 fixes the issue. No known workarounds are available...
CVE-2025-68928 Frappe CRM vulnerable to authenticated XSS via website field
Frappe CRM is an open-source customer relationship management tool. Prior to version 1.56.2, authenticated users could set crafted URLs in a website field, which were not sanitized, causing cross-site scripting. Version 1.56.2 fixes the issue. No known workarounds are available...
CVE-2025-68928 Frappe CRM vulnerable to authenticated XSS via website field
Frappe CRM is an open-source customer relationship management tool. Prior to version 1.56.2, authenticated users could set crafted URLs in a website field, which were not sanitized, causing cross-site scripting. Version 1.56.2 fixes the issue. No known workarounds are available...
CVE-2025-68928
Frappe CRM suffers an authenticated XSS in the web-site field due to unsanitized crafted URLs prior to v1.56.2. Impact described as cross-site scripting; upgrade to v1.56.2 fixes the issue. No workarounds are documented. Exploitation status is not provided in the available sources.
CVE-2025-68928 Frappe CRM vulnerable to authenticated XSS via website field
Frappe CRM is an open-source customer relationship management tool. Prior to version 1.56.2, authenticated users could set crafted URLs in a website field, which were not sanitized, causing cross-site scripting. Version 1.56.2 fixes the issue. No known workarounds are available...
Frappe CRM 跨站脚本漏洞
Frappe CRM is a full-featured customer relationship management system from Frappe Open Source. A cross-site scripting vulnerability exists in Frappe CRM versions prior to 1.56.2, which stems from insufficient cleanup of specially crafted URLs in web site fields, and could lead to cross-site...
CVE-2025-11461
Multiple SQL Injections in Frappe CRM Dashboard Controller due to unsafe concatenation of user-controlled parameters into dynamic SQL statements. This issue affects Frappe CRM: 1.53.1...
EUVD-2025-199743
Multiple SQL Injections in Frappe CRM Dashboard Controller due to unsafe concatenation of user-controlled parameters into dynamic SQL statements. This issue affects Frappe CRM: 1.53.1...
CVE-2025-11461
Multiple SQL Injections in Frappe CRM Dashboard Controller due to unsafe concatenation of user-controlled parameters into dynamic SQL statements. This issue affects Frappe CRM: 1.53.1...
CVE-2025-11461 Frappe CRM 1.53.1 — Multiple SQL Injections in Dashboard Controller
Multiple SQL Injections in Frappe CRM Dashboard Controller due to unsafe concatenation of user-controlled parameters into dynamic SQL statements. This issue affects Frappe CRM: 1.53.1...
CVE-2025-11461 Frappe CRM 1.53.1 — Multiple SQL Injections in Dashboard Controller
Multiple SQL Injections in Frappe CRM Dashboard Controller due to unsafe concatenation of user-controlled parameters into dynamic SQL statements. This issue affects Frappe CRM: 1.53.1...
Frappe CRM SQL注入漏洞
Frappe CRM is a full-featured customer relationship management system from Frappe Open Source. A SQL injection vulnerability exists in Frappe CRM version 1.53.1, which stems from a user control parameter that is insecurely linked to a dynamic SQL statement, which could lead to a SQL injection...