CNNVD-202510-746 Information
CNNVD ID
CNNVD-202510-746
Related CVE
- CNNVD Published: 2025-10-05
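Description (translated from Chinese)
Frappe Technologies Frappe is a web development framework from the Indian company Frappe Technologies, built on Python and MariaDB with an integrated front end. Frappe Technologies Frappe versions 2.34.x and 2.35.0 contain a security vulnerability that stems from an incomplete fix for CVE-2025-55006 and may lead to cross-site scripting attacks.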
Description (English)
Frappe Technologies Frappe is a Python- and MariaDB-based web development framework with integrated front-end pages, developed by Frappe Technologies of India. Versions 2.34.x and 2.35.0 of Frappe Technologies Frappe contain a security vulnerability caused by an incomplete fix for CVE-2025-55006, which may result in a cross-site scripting attack.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Frappe Technologies
Published
2025-10-05
Last Modified
2026-02-24
References
https://gist.github.com/0xHamy/c2a81f2d1c779c513fa3db6f3ad24544#steps-to-reproduce
https://github.com/frappe/lms/security/advisories/GHSA-mvxw-r9x4-3vrr
https://vuldb.com/?ctiid.327016
https://vuldb.com/?id.327016
https://vuldb.com/?submit.659696
Patch
https://github.com/frappe/lms/releases