Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
frappe vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2019-14967
An issue exists in Frappe Framework 10, 11 prior to 11.1.46, and 12. There exists an XSS vulnerability.
Frappe Frappe 10.0.0
Frappe Frappe 12.0.0
Frappe Frappe
5.3
CVSSv3
CVE-2020-35175
Frappe Framework 12 and 13 does not properly validate the HTTP method for the frappe.client API.
Frappe Frappe
Frappe Frappe 13.0.0
7.5
CVSSv3
CVE-2019-20529
In core/doctype/prepared_report/prepared_report.py in Frappe 11 and 12, data files generated with Prepared Report were being stored as public files (no authentication is required to access; having a link is sufficient) instead of private files.
Frappe Frappe 11.0.0
Frappe Frappe 12.0.0
7.5
CVSSv3
CVE-2023-41328
Frappe is a low code web framework written in Python and Javascript. A SQL Injection vulnerability has been identified in the Frappe Framework which could allow a malicious actor to access sensitive information. This issue has been addressed in versions 13.46.1 and 14.20.0. Users...
Frappe Frappe
5.4
CVSSv3
CVE-2024-24812
Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and a tightly integrated client side library. Prior to versions 14.59.0 and 15.5.0, portal pages are susceptible to Cross-Site Scripting (XSS) which can be used to inject malicious JS...
Frappe Frappe
5.4
CVSSv3
CVE-2023-46127
Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and an integrated client side library. A malicious Frappe user with desk access could create documents containing HTML payloads allowing HTML Injection. This vulnerability has been pa...
Frappe Frappe
6.1
CVSSv3
CVE-2022-3988
A vulnerability was found in Frappe. It has been rated as problematic. Affected by this issue is some unknown functionality of the file frappe/templates/includes/navbar/navbar_search.html of the component Search. The manipulation of the argument q leads to cross site scripting. T...
Frappe Frappe
6.1
CVSSv3
CVE-2019-15700
public/js/frappe/form/footer/timeline.js in Frappe Framework 12 up to and including 12.0.8 does not escape HTML in the timeline and thus is affected by crafted "changed value of" text.
Frappe Frappe
9.8
CVSSv3
CVE-2019-14965
An issue exists in Frappe Framework 10 through 12 prior to 12.0.4. A server side template injection (SSTI) issue exists.
Frappe Frappe
1 Github repository
8.8
CVSSv3
CVE-2019-14966
An issue exists in Frappe Framework 10 through 12 prior to 12.0.4. There exists an authenticated SQL injection.
Frappe Frappe
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »