exploitDog

CVE-2025-68928

Опубликовано: 29 дек. 2025

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

Frappe CRM is an open-source customer relationship management tool. Prior to version 1.56.2, authenticated users could set crafted URLs in a website field, which were not sanitized, causing cross-site scripting. Version 1.56.2 fixes the issue. No known workarounds are available.

Ссылки

https://github.com/frappe/crm/commit/c5766d9989131d17d954e866bfc4b8d3b23e4f10
Patch
https://github.com/frappe/crm/releases/tag/v1.56.2
Release Notes
https://github.com/frappe/crm/security/advisories/GHSA-fm34-v6j7-chwc
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:frappe:frappe_crm:*:*:*:*:*:*:*:*

Версия до 1.56.2 (исключая)

EPSS

Процентиль: 10%

0.00035

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

EPSS

Процентиль: 10%

0.00035

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79