Description
Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and an integrated client side library. A malicious Frappe user with desk access could create documents containing HTML payloads allowing HTML Injection. This vulnerability has been patched in version 14.49.0.
References
- Patch
- Release Notes
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 14.49.0 (exclusive)
cpe:2.3:a:frappe:frappe:*:*:*:*:*:*:*:*
EPSS
Percentile: 96%
0.23895
Medium
5.4 Medium
CVSS3
Weaknesses
CWE-79