An XSS issue exists in Frappe ERPNext v11.x.x-develop b1036e5 via a comment.
frappe erpnext 11.x.x-develop_b1036e5