2 matches found
CVE-2026-44205 Frappe: Stored Cross-Site Scripting (XSS) in User Profile through Image Upload
Frappe is a full-stack web application framework. Prior to version 15.106.0, a stored XSS vulnerability in the user profile image section allows an attacker to execute malicious scripts in the browsers of other users. This issue has been patched in version 15.106.0...
PT-2025-48161
Name of the Vulnerable Software and Affected Versions Frappe CRM version 1.53.1 Description The Frappe CRM Dashboard Controller contains multiple SQL injection flaws. These flaws are due to the unsafe concatenation of user-controlled parameters into dynamic SQL statements. The issue allows for...