CNNVD-202510-744 Information

CNNVD ID

CNNVD-202510-744

CVE-2025-11283

  • CNNVD Published: 2025-10-05

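Description (translated from Chinese)

Frappe Technologies Frappe is a web development framework from Frappe Technologies of India, built on Python and MariaDB with integrated front-end pages. Frappe Technologies Frappe version 2.35.0 contains a code injection vulnerability, which stems from improper handling of the Description parameter in the Course Handler component and may lead to a cross-site scripting attack.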

Description (English)

Frappe Technologies Frappe is a web development framework based on Python and MariaDB, with integrated front-end pages, from Frappe Technologies of India. Version 2.35.0 of Frappe Technologies Frappe contains a code injection vulnerability, which stems from incorrect handling of the Description parameter in the Course Handler component and may result in a cross-site scripting attack.

Hazard Level

Critical

Vulnerability Type

Code injection

Affected Vendor

Frappe Technologies

Published

2025-10-05

Last Modified

2026-02-24

References

  • https://gist.github.com/0xHamy/1f99795df9301a95ee0c6d18028cd3da
  • https://gist.github.com/0xHamy/1f99795df9301a95ee0c6d18028cd3da#steps-to-reproduce
  • https://vuldb.com/?ctiid.327017
  • https://vuldb.com/?id.327017
  • https://vuldb.com/?submit.659697

Patch

https://github.com/frappe/lms/releases
