Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
frappe vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2019-14967
An issue exists in Frappe Framework 10, 11 prior to 11.1.46, and 12. There exists an XSS vulnerability.
Frappe Frappe 10.0.0
Frappe Frappe 12.0.0
Frappe Frappe
5.3
CVSSv3
CVE-2020-35175
Frappe Framework 12 and 13 does not properly validate the HTTP method for the frappe.client API.
Frappe Frappe
Frappe Frappe 13.0.0
7.5
CVSSv3
CVE-2019-20529
In core/doctype/prepared_report/prepared_report.py in Frappe 11 and 12, data files generated with Prepared Report were being stored as public files (no authentication is required to access; having a link is sufficient) instead of private files.
Frappe Frappe 11.0.0
Frappe Frappe 12.0.0
7.5
CVSSv3
CVE-2023-41328
Frappe is a low code web framework written in Python and Javascript. A SQL Injection vulnerability has been identified in the Frappe Framework which could allow a malicious actor to access sensitive information. This issue has been addressed in versions 13.46.1 and 14.20.0. Users...
Frappe Frappe
5.4
CVSSv3
CVE-2023-46127
Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and an integrated client side library. A malicious Frappe user with desk access could create documents containing HTML payloads allowing HTML Injection. This vulnerability has been pa...
Frappe Frappe
7.5
CVSSv3
CVE-2020-27508
In two-factor authentication, the system also sending 2fa secret key in response, which enables an intruder to breach the 2fa security.
Frappe Frappe
6.1
CVSSv3
CVE-2022-3988
A vulnerability was found in Frappe. It has been rated as problematic. Affected by this issue is some unknown functionality of the file frappe/templates/includes/navbar/navbar_search.html of the component Search. The manipulation of the argument q leads to cross site scripting. T...
Frappe Frappe
5.4
CVSSv3
CVE-2024-24812
Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and a tightly integrated client side library. Prior to versions 14.59.0 and 15.5.0, portal pages are susceptible to Cross-Site Scripting (XSS) which can be used to inject malicious JS...
Frappe Frappe
8.8
CVSSv3
CVE-2017-1000120
[ERPNext][Frappe Version <= 7.1.27] SQL injection vulnerability in frappe.share.get_users allows remote authenticated users to execute arbitrary SQL commands via the fields parameter.
Frappe Frappe
6.1
CVSSv3
CVE-2019-15700
public/js/frappe/form/footer/timeline.js in Frappe Framework 12 up to and including 12.0.8 does not escape HTML in the timeline and thus is affected by crafted "changed value of" text.
Frappe Frappe
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21987
buffer overflow
CVE-2024-28890
CVE-2024-27574
CVE-2024-27347
CVE-2024-31450
privilege
SSTI
CVE-2024-31666
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »