Lucene search

9 matches found

NVD
added 5 hours ago, 4 views

CVE-2026-47739

Frappe is a full-stack web application framework. Prior to versions 15.106.0 and 16.16.0, stored XSS in Note was possible due to lack of sanitization. This issue has been patched in versions 15.106.0 and 16.16.0...

6.9 CVSS
Exploits: 0, References: 1
CVE
added 6 hours ago, 6 views

CVE-2026-47739

CVE-2026-47739 affects the Frappe framework. Prior to versions 15.106.0 and 16.16.0, a stored XSS vulnerability existed in Note due to insufficient sanitization. The issue is mitigated by upgrading to 15.106.0 or 16.16.0 or later. The CVSS-derived metrics indicate a medium impact with network acc...

6.9 CVSS, 5.2 AI score
Exploits: 0, References: 1
EUVD
added 6 hours ago, 4 views

EUVD-2026-36452

Frappe is a full-stack web application framework. Prior to versions 15.106.0 and 16.16.0, stored XSS in Note was possible due to lack of sanitization. This issue has been patched in versions 15.106.0 and 16.16.0...

6.9 CVSS, 5.1 AI score
Exploits: 0, References: 1
ATTACKERKB
added 2026/05/20 7:36 p.m., 5 views

CVE-2026-35009

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in addnote.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid GET parameter directly into a hidden input field VALUE attribute. Attacker...

5.1 CVSS, 5.8 AI score, 0.00029 EPSS
Exploits: 0, References: 4
CNNVD
added 2026/05/20 12:0 a.m., 5 views

tickets cross-site scripting vulnerability

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from a reflection-based cross-site scripting flaw in the addnote.php file. It could...

5.1 CVSS, 5.8 AI score, 0.00029 EPSS
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2021-28420

Malicious code in bioql PyPI...

9.8 CVSS, 9.2 AI score, 0.07063 EPSS
Exploits: 1, References: 1
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-33228

Malicious code in bioql PyPI...

6.2 CVSS, 5.8 AI score, 0.00057 EPSS
Exploits: 0, References: 1
OSV
added 2023/11/22 6:15 p.m., 3 views

CVE-2023-47014

A Cross-Site Request Forgery (CSRF) vulnerability in Sourcecodester Sticky Notes App Using PHP with Source Code v.1.0 allows a local attacker to obtain sensitive information via a crafted payload to add-note.php...

6.5 CVSS, 5.8 AI score, 0.00107 EPSS
Exploits: 2, References: 1
OSV
added 2019/02/18 5:29 p.m., 2 views

ALPINE-CVE-2019-8907

docorenote in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact...

8.8 CVSS, 7.5 AI score, 0.0053 EPSS
Exploits: 1, References: 1