Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
frappe frappe vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2019-14967
An issue exists in Frappe Framework 10, 11 prior to 11.1.46, and 12. There exists an XSS vulnerability.
Frappe Frappe 10.0.0
Frappe Frappe 12.0.0
Frappe Frappe
445
VMScore
CVE-2020-35175
Frappe Framework 12 and 13 does not properly validate the HTTP method for the frappe.client API.
Frappe Frappe
Frappe Frappe 13.0.0
445
VMScore
CVE-2019-20529
In core/doctype/prepared_report/prepared_report.py in Frappe 11 and 12, data files generated with Prepared Report were being stored as public files (no authentication is required to access; having a link is sufficient) instead of private files.
Frappe Frappe 11.0.0
Frappe Frappe 12.0.0
578
VMScore
CVE-2017-1000120
[ERPNext][Frappe Version <= 7.1.27] SQL injection vulnerability in frappe.share.get_users allows remote authenticated users to execute arbitrary SQL commands via the fields parameter.
Frappe Frappe
NA
CVE-2023-41328
Frappe is a low code web framework written in Python and Javascript. A SQL Injection vulnerability has been identified in the Frappe Framework which could allow a malicious actor to access sensitive information. This issue has been addressed in versions 13.46.1 and 14.20.0. Users...
Frappe Frappe
668
VMScore
CVE-2019-14965
An issue exists in Frappe Framework 10 through 12 prior to 12.0.4. A server side template injection (SSTI) issue exists.
Frappe Frappe
1 Github repository
NA
CVE-2024-24812
Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and a tightly integrated client side library. Prior to versions 14.59.0 and 15.5.0, portal pages are susceptible to Cross-Site Scripting (XSS) which can be used to inject malicious JS...
Frappe Frappe
383
VMScore
CVE-2019-15700
public/js/frappe/form/footer/timeline.js in Frappe Framework 12 up to and including 12.0.8 does not escape HTML in the timeline and thus is affected by crafted "changed value of" text.
Frappe Frappe
NA
CVE-2023-46127
Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and an integrated client side library. A malicious Frappe user with desk access could create documents containing HTML payloads allowing HTML Injection. This vulnerability has been pa...
Frappe Frappe
578
VMScore
CVE-2019-14966
An issue exists in Frappe Framework 10 through 12 prior to 12.0.4. There exists an authenticated SQL injection.
Frappe Frappe
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »