Описание
Frappe is a full-stack web application framework. Prior to versions 14.94.2 and 15.57.0, authenticated users could upload carefully crafted malicious files via Data Import, leading to cross-site scripting (XSS). This issue has been patched in versions 14.94.2 and 15.57.0. There are no workarounds for this issue other than upgrading.
Ссылки
- Patch
- Patch
- Issue Tracking
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 14.94.2 (исключая)Версия от 15.0.0 (включая) до 15.57.0 (исключая)
Одно из
cpe:2.3:a:frappe:frappe:*:*:*:*:*:*:*:*
cpe:2.3:a:frappe:frappe:*:*:*:*:*:*:*:*
EPSS
Процентиль: 9%
0.00031
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79
EPSS
Процентиль: 9%
0.00031
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79