CVE-2026-50712

Frappe Framework 17.0.0-dev has a stored XSS in the frappe.ui.Tree component caused by improper neutralization of user-controlled input in tree node label rendering. The vulnerability affects the Tree view labeling logic and can lead to script content being stored and reflected in the UI. Publicl...

CVE-2026-50698

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input before generating HTML output in the Audit Trail component...

EUVD-2026-38802

A Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of untrusted input in the Form Dashboard headline renderer...

CVE-2026-50704

CVE-2026-50704 affects Frappe Framework 17.0.0-dev. The issue is a Stored XSS caused by improper neutralization of user-controlled input in the File View breadcrumb renderer. The vulnerability could allow an attacker to inject scripts via breadcrumbs, with the potential impact limited to the affe...

CVE-2026-50701 Frappe Framework 17.0.0-dev - Reflected DOM XSS in dashboard-view breadcrumb rendering

A Reflected Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the dashboard-view component...

EUVD-2026-38794

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input before generating HTML output in the Audit Trail component...