6 matches found
CVE-2026-25956
Frappe is a full-stack web application framework. Prior to 14.99.14 and 15.94.0, an attacker could craft a malicious signup URL for a frappe site which could lead to an open redirect or reflected XSS, depending on the crafted payload when a user signs up. This vulnerability is fixed in 14.99.14 a...
CVE-2026-25956
Frappe is a full-stack web application framework. Prior to 14.99.14 and 15.94.0, an attacker could craft a malicious signup URL for a frappe site which could lead to an open redirect or reflected XSS, depending on the crafted payload when a user signs up. This vulnerability is fixed in 14.99.14 a...
CVE-2026-25956 Frappe Affected by XSS and Open Redirect in Sign Up
Frappe is a full-stack web application framework. Prior to 14.99.14 and 15.94.0, an attacker could craft a malicious signup URL for a frappe site which could lead to an open redirect or reflected XSS, depending on the crafted payload when a user signs up. This vulnerability is fixed in 14.99.14 a...
PT-2026-7328
Name of the Vulnerable Software and Affected Versions Frappe versions prior to 14.99.14 Frappe versions prior to 15.94.0 Description A crafted malicious signup URL for a Frappe site could lead to an open redirect or reflected cross-site scripting XSS, depending on the crafted payload, when a user...
Malicious code in signup-ui-url-generator (npm)
--- -= Per source details. Do not edit below this line.=-...
Vulnerability in Facebook discloses Primary Email Address of any account
When you sign up on Facebook, you have to enter an email address and that email address becomes your primary email address on Facebook. In a recent disclosure by a Security researcher, Stephen Sclafani - The Social Networking site Facebook was vulnerable to disclosure of primary email address of...