This page lists publicly disclosed CVE vulnerabilities affecting frappe frappe_framework (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-50712 | A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.ui.Tree component | [email protected] | 4.8 | 0.24% | 2026-06-24 | 2026-06-25 |
| CVE-2026-50711 | A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Number Card component. | [email protected] | 4.6 | 0.26% | 2026-06-24 | 2026-06-25 |
| CVE-2026-50710 | A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to unsafe evaluation of user-controlled data in the Number Card component. | [email protected] | 4.6 | 0.26% | 2026-06-24 | 2026-06-25 |
| CVE-2026-50709 | A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Notifications > Events panel. | [email protected] | 4.8 | 0.24% | 2026-06-24 | 2026-06-25 |
| CVE-2026-50708 | A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the MultiSelectDialog component. | [email protected] | 4.8 | 0.24% | 2026-06-24 | 2026-06-25 |
| CVE-2026-50705 | A Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of untrusted input in the Form Dashboard headline renderer. | [email protected] | 4.6 | 0.26% | 2026-06-24 | 2026-06-25 |
| CVE-2026-50704 | A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the File View breadcrumb renderer. | [email protected] | 4.6 | 0.26% | 2026-06-24 | 2026-06-25 |
| CVE-2026-50703 | A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Desk desktop icon renderer. | [email protected] | 4.8 | 0.24% | 2026-06-24 | 2026-06-25 |
| CVE-2026-50701 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the dashboard-view component. | [email protected] | 5.1 | 0.27% | 2026-06-24 | 2026-06-25 |
| CVE-2026-50700 | A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.get_avatar function. | [email protected] | 4.6 | 0.26% | 2026-06-24 | 2026-06-25 |
| CVE-2026-50699 | A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev. An authenticated attacker with write access to Auto Repeat can persist HTML/JavaScript in reference_document using a whitelisted write path and trigger script execution when users open the affected Auto Repeat form. | [email protected] | 4.6 | 0.31% | 2026-06-24 | 2026-06-25 |
| CVE-2026-50698 | A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input before generating HTML output in the Audit Trail component. | [email protected] | 4.6 | 0.26% | 2026-06-24 | 2026-06-25 |