Vulnerabilities in Frappe
106 results

CVE-2026-44205 | MEDIUM | Frappe: Stored Cross-Site Scripting (XSS) in User Profile through Image Upload | EPSS 0.3%
CVE-2026-53568 | MEDIUM | Frappe: Stored XSS in Frappe Report/List View via 'set_link_title_field_value' | EPSS 0.3%
CVE-2026-50711 | MEDIUM | Frappe Framework 17.0.0-dev - Stored XSS in Number Card filter fields rendering | EPSS 0.3%
CVE-2026-50705 | MEDIUM | Frappe Framework 17.0.0-dev - Stored XSS in Form Dashboard headline rendering | EPSS 0.3%
CVE-2026-50698 | MEDIUM | Frappe Framework 17.0.0-dev - Stored XSS in Audit Trail template rendering | EPSS 0.3%
CVE-2026-50710 | MEDIUM | Frappe Framework 17.0.0-dev - Stored XSS via eval in Number Card filters_config | EPSS 0.3%
CVE-2026-50700 | MEDIUM | Frappe Framework 17.0.0-dev - Stored XSS in frappe.get_avatar image rendering | EPSS 0.3%
CVE-2026-50704 | MEDIUM | Frappe Framework 17.0.0-dev - Reflected/Stored XSS in File View breadcrumbs rendering | EPSS 0.3%
CVE-2025-55006 | MEDIUM | Frappe Learning Holds Potential for Malicious SVG Upload in Image Upload Feature | EPSS 0.2%
CVE-2026-42840 | MEDIUM | ERPNext 16.16.0 - Stored XSS in POS customer section via unescaped template literals | EPSS 0.2%
CVE-2025-52896 | HIGH | Frappe authenticated XSS via data import | EPSS 0.2%
CVE-2025-62407 | MEDIUM | Frappe has an Open Redirect on Login Page | EPSS 0.2%
CVE-2026-50712 | MEDIUM | Frappe Framework 17.0.0-dev - Stored XSS in Tree View node label rendering | EPSS 0.2%
CVE-2026-50708 | MEDIUM | Frappe Framework 17.0.0-dev - Stored XSS in Multi Select Dialog result rendering | EPSS 0.2%
CVE-2026-50703 | MEDIUM | Frappe Framework 17.0.0-dev - Stored XSS in Desktop Icon label rendering | EPSS 0.2%
CVE-2026-50709 | MEDIUM | Frappe Framework 17.0.0-dev - Stored XSS in Notifications Events color rendering | EPSS 0.2%
CVE-2026-46546 | LOW | Frappe LMS: HTML injection in user-controlled metadata | EPSS 0.2%
CVE-2026-40888 | MEDIUM | Frappe HR vulnerable to Improper Access Control | EPSS 0.2%
CVE-2026-40889 | MEDIUM | Frappe HR has Improper Access Control on Files | EPSS 0.2%
CVE-2026-41581 | MEDIUM | Frappe Vulnerable to Possible SQL Injection via get_blog_list | EPSS 0.2%