Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2025/07/02 5:24 p.m.7 views

CVE-2025-52896

Frappe is a full-stack web application framework. Prior to versions 14.94.2 and 15.57.0, authenticated users could upload carefully crafted malicious files via Data Import, leading to cross-site scripting XSS. This issue has been patched in versions 14.94.2 and 15.57.0. There are no workarounds f...

8.6CVSS6.3AI score0.00241EPSS
Exploits0References1
NVD
NVD
added 2025/06/30 5:15 p.m.6 views

CVE-2025-52896

Frappe is a full-stack web application framework. Prior to versions 14.94.2 and 15.57.0, authenticated users could upload carefully crafted malicious files via Data Import, leading to cross-site scripting XSS. This issue has been patched in versions 14.94.2 and 15.57.0. There are no workarounds f...

8.6CVSS0.00241EPSS
Exploits0References4
NVD
NVD
added 2025/06/30 5:15 p.m.10 views

CVE-2025-52895

Frappe is a full-stack web application framework. Prior to versions 14.94.3 and 15.58.0, SQL injection could be achieved via a specially crafted request, which could allow malicious person to gain access to sensitive information. This issue has been patched in versions 14.94.3 and 15.58.0. There...

8.7CVSS0.00346EPSS
Exploits0References4
CVE
CVE
added 2025/06/30 5:12 p.m.29 views

CVE-2025-52896

CVE-2025-52896 affects Frappe (full‑stack web app framework). Prior to versions 14.94.2 and 15.57.0, authenticated users could upload crafted files via Data Import, causing cross‑site scripting (XSS). The issue is patched in 14.94.2 and 15.57.0; upgrade is the recommended remediation. No public w...

8.6CVSS5.8AI score0.00241EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/06/30 5:12 p.m.7 views

CVE-2025-52896 Frappe authenticated XSS via data import

Frappe is a full-stack web application framework. Prior to versions 14.94.2 and 15.57.0, authenticated users could upload carefully crafted malicious files via Data Import, leading to cross-site scripting XSS. This issue has been patched in versions 14.94.2 and 15.57.0. There are no workarounds f...

8.6CVSS6.1AI score0.00241EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/03/27 3:35 p.m.7 views

CVE-2025-30214

Frappe is a full-stack web application framework. Prior to versions 14.89.0 and 15.51.0, making crafted requests could lead to information disclosure that could further lead to account takeover. Versions 14.89.0 and 15.51.0 fix the issue. There's no workaround to fix this without upgrading...

9.3CVSS6.4AI score0.00398EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/03/20 6:11 p.m.41 views

CVE-2024-24813 Frappe SQL Injection from reporting logic

Frappe is a full-stack web application framework. Prior to versions 14.64.0 and 15.0.0, SQL injection from a particular whitelisted method can result in access to data which the user doesn't have permission to access. Versions 14.64.0 and 15.0.0 contain a patch for this issue. No known workaround...

7.5CVSS8.1AI score0.00646EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/02/07 3:3 p.m.26 views

CVE-2024-24812 Frappe Authenticated Reflected Cross site scripting (XSS) in portal pages

Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and a tightly integrated client side library. Prior to versions 14.59.0 and 15.5.0, portal pages are susceptible to Cross-Site Scripting XSS which can be used to inject malicious JS code if user click...

5.4CVSS5.5AI score0.00384EPSS
Exploits0References3
Rows per page
Query Builder