CNNVD-202506-3780 Information
CNNVD ID
CNNVD-202506-3780
Related CVE
- CNNVD Published: 2025-06-30
Description (translated from Chinese)
Frappe Technologies Frappe is a web development framework from Frappe Technologies (India), based on Python and MariaDB, with integrated front-end pages. Frappe versions before 14.94.2 and before 15.57.0 contain a cross-site scripting vulnerability. It stems from file uploads in the data import feature not being validated, which may lead to cross-site scripting attacks.
Hazard Level
Medium
Vulnerability Type
Cross-site scripting
Affected Vendor
Frappe Technologies
Published
2025-06-30
Last Modified
2026-02-24
References
https://github.com/frappe/frappe/commit/152fd09de5bca16b8d299d715a1f5df6fca3866f
https://github.com/frappe/frappe/pull/31483
https://github.com/frappe/frappe/security/advisories/GHSA-hv29-66qg-2v6p
https://github.com/frappe/frappe/commit/f11c53d4df745b58bd1c1c08e1634a2f5a55322a
https://access.redhat.com/security/cve/cve-2025-52896
Patch
https://github.com/frappe/frappe/releases