6 matches found

Cvelist
added 2026/06/12 2:23 p.m., 24 views

CVE-2026-44205 Frappe: Stored Cross-Site Scripting (XSS) in User Profile through Image Upload

Frappe is a full-stack web application framework. Prior to version 15.106.0, a stored XSS vulnerability in the user profile image section allows an attacker to execute malicious scripts in the browsers of other users. This issue has been patched in version 15.106.0...

CVSS 6.9 | EPSS 0.00258
Exploits: 0 | References: 1

CVE
added 2026/06/12 2:23 p.m., 12 views

CVE-2026-44205

CVE-2026-44205 affects the Frappe framework (prior to 15.106.0). The issue is a stored XSS in the user profile image upload path that allows an attacker to execute malicious scripts in the browsers of other users. The vulnerability is mitigated by upgrading to version 15.106.0, where it is patche...

CVSS 6.9 | AI score 5.4 | EPSS 0.00258
Exploits: 0 | References: 1

Vulnrichment
added 2026/06/12 2:23 p.m., 8 views

CVE-2026-44205 Frappe: Stored Cross-Site Scripting (XSS) in User Profile through Image Upload

Frappe is a full-stack web application framework. Prior to version 15.106.0, a stored XSS vulnerability in the user profile image section allows an attacker to execute malicious scripts in the browsers of other users. This issue has been patched in version 15.106.0...

CVSS 6.9 | AI score 5.3 | EPSS 0.00258
Exploits: 0 | References: 1

Positive Technologies
added 2023/10/30 12:0 a.m., 5 views

PT-2023-28337 · Bluespice · Bluespice

Name of the Vulnerable Software and Affected Versions: BlueSpice (affected versions not specified)
Description: A cross-site scripting (XSS) issue in the BlueSpiceAvatars extension of BlueSpice allows a logged-in user to inject arbitrary HTML into the profile image dialog on Special:Preferences. This...

CVSS 5.4 | AI score 5.2 | EPSS 0.00343
Exploits: 1 | References: 6

Prion
added 2017/08/02 4:29 p.m., 10 views

Design/Logic Flaw

GigaCC OFFICE ver.2.3 and earlier allows remote attackers to upload arbitrary files as a user profile image, which may be exploited for unauthorized file sharing...

CVSS 5.5 | AI score 7.4 | EPSS 0.01434
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2017/08/02 4:0 p.m., 16 views

CVE-2016-7845

GigaCC OFFICE ver.2.3 and earlier allows remote attackers to upload arbitrary files as a user profile image, which may be exploited for unauthorized file sharing...

AI score 6.6 | EPSS 0.01434
Exploits: 0 | References: 3