frappe frappe_framework CVE Vulnerabilities (12)

CVEs: 12 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting frappe frappe_framework (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 112 of 12 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2026-50712 A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.ui.Tree component [email protected] 4.8 0.24% 2026-06-24 2026-06-25
CVE-2026-50711 A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Number Card component. [email protected] 4.6 0.26% 2026-06-24 2026-06-25
CVE-2026-50710 A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to unsafe evaluation of user-controlled data in the Number Card component. [email protected] 4.6 0.26% 2026-06-24 2026-06-25
CVE-2026-50709 A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Notifications > Events panel. [email protected] 4.8 0.24% 2026-06-24 2026-06-25
CVE-2026-50708 A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the MultiSelectDialog component. [email protected] 4.8 0.24% 2026-06-24 2026-06-25
CVE-2026-50705 A Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of untrusted input in the Form Dashboard headline renderer. [email protected] 4.6 0.26% 2026-06-24 2026-06-25
CVE-2026-50704 A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the File View breadcrumb renderer. [email protected] 4.6 0.26% 2026-06-24 2026-06-25
CVE-2026-50703 A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Desk desktop icon renderer. [email protected] 4.8 0.24% 2026-06-24 2026-06-25
CVE-2026-50701 A Reflected Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the dashboard-view component. [email protected] 5.1 0.27% 2026-06-24 2026-06-25
CVE-2026-50700 A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.get_avatar function. [email protected] 4.6 0.26% 2026-06-24 2026-06-25
CVE-2026-50699 A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev. An authenticated attacker with write access to Auto Repeat can persist HTML/JavaScript in reference_document using a whitelisted write path and trigger script execution when users open the affected Auto Repeat form. [email protected] 4.6 0.31% 2026-06-24 2026-06-25
CVE-2026-50698 A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input before generating HTML output in the Audit Trail component. [email protected] 4.6 0.26% 2026-06-24 2026-06-25
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence