Vulnerabilities in frappe
94 results

CVE | Severity | Title | EPSS
CVE-2023-46127 | MEDIUM | Frappe vulnerable to HTML injection by any Desk user | 37.0%
CVE-2026-39352 | HIGH | Frappe has an Arbitrary File Read via Path Traversal in render_include | 1.3%
CVE-2022-23055 | — | ERPNext - Improper user access control | 1.1%
CVE-2022-23058 | — | ERPNext - Stored XSS in My Settings | 0.8%
CVE-2024-24813 | HIGH | Frappe SQL Injection from reporting logic | 0.6%
CVE-2025-30213 | MEDIUM | Frappe has Possibility of Remote Code Execution due to improper validation | 0.6%
CVE-2024-27105 | HIGH | Frappe File Permissions can be bypassed using certain endpoints | 0.6%
CVE-2022-23057 | — | ERPNext - Stored XSS in My Profile | 0.6%
CVE-2024-34074 | MEDIUM | Frappe vulnerable to an open redirect on login page | 0.6%
CVE-2024-49751 | LOW | Frappe Press possible HTML injection through SaaS Signup inputs | 0.5%
CVE-2025-10655 | HIGH | Frappe Helpdesk 1.14.0 — SQL Injection in dashboard get_dashboard_data | 0.5%
CVE-2023-5555 | HIGH | Cross-site Scripting (XSS) - Generic in frappe/lms | 0.4%
CVE-2025-11280 | MEDIUM | Frappe LMS Assignment Picture files direct request | 0.4%
CVE-2023-41328 | MEDIUM | Possibility limited SQL injection due to insufficient validation in Frappe | 0.4%
CVE-2025-68929 | CRITICAL | Frappe may be vulnerable remote code execution due to server-side template injection | 0.4%
CVE-2025-59421 | LOW | Press vulnerable to email flooding to users due to lack of validation and rate limits | 0.4%
CVE-2025-30212 | MEDIUM | Frappe has possibility of SQL injection due to improper validations | 0.4%
CVE-2025-52898 | HIGH | Frappe account takeover via password reset token leakage | 0.4%
CVE-2024-24812 | MEDIUM | Frappe Authenticated Reflected Cross site scripting (XSS) in portal pages | 0.4%
CVE-2025-30214 | HIGH | Frappe vulnerable to information disclosure leading to account takeover | 0.4%