Description
Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and a tightly integrated client-side library. Prior to versions 14.59.0 and 15.5.0, portal pages are susceptible to Cross-Site Scripting (XSS), which can be used to inject malicious JS code if a user clicks on a malicious link. This vulnerability has been patched in versions 14.59.0 and 15.5.0. No known workarounds are available.
References
- Release Notes
- Release Notes
- Vendor Advisory
- Release Notes
- Release Notes
- Vendor Advisory
Vulnerable configurations
Configuration 1
- Version before 14.59.0 (exclusive)
- Version from 15.0.0 (inclusive) up to 15.5.0 (exclusive)
One of
cpe:2.3:a:frappe:frappe:*:*:*:*:*:*:*:*
cpe:2.3:a:frappe:frappe:*:*:*:*:*:*:*:*
EPSS: 0.00445, percentile: 63%, Low
CVSS3: 5.4 Medium
Weaknesses
CWE-79
CWE-79