CNNVD-202510-2312 Information

CNNVD ID

CNNVD-202510-2312

CVE-2025-62407

  • CNNVD Published: 2025-10-16

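Description (translated from Chinese)

Frappe Technologies Frappe is a web development framework from the Indian company Frappe Technologies, based on Python and MariaDB with integrated front-end pages. Frappe Technologies Frappe versions before 14.98.0 and before 15.83.0 contain an input validation error vulnerability. It stems from improper handling of the redirect parameter on the login page and may lead to an open redirect.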

Description (English)

Frappe Technologies Frappe is a web development framework from Frappe Technologies (India), based on Python and MariaDB with integrated front-end pages. Versions of Frappe Technologies Frappe before 14.98.0 and before 15.83.0 contain an input validation error vulnerability, which arises from improper handling of the redirect parameter on the login page and may lead to an open redirect.

Hazard Level

High

Vulnerability Type

Input validation error

Affected Vendor

Frappe Technologies

Published

2025-10-16

Last Modified

2026-02-24

References

https://github.com/frappe/frappe/security/advisories/GHSA-j9jr-qrpj-g855

Patch

https://github.com/frappe/frappe/releases
