CNNVD-202602-1473 Information
CNNVD ID
CNNVD-202602-1473
Related CVE
- CNNVD Published: 2026-02-10
Description (Chinese)
Frappe Technologies Frappe是印度Frappe Technologies公司的一个基于Python、Mariadb的并集成前端页面的Web开发框架。 Frappe Technologies Frappe 14.99.14之前版本和15.94.0之前版本存在输入验证错误漏洞,该漏洞源于特制的注册URL可能导致重定向或反射型跨站脚本攻击。
Description (English)
Frappe Technologys Frappe is a Web development framework based on Python, Mariadb and integrated front-end pages of Frappe Technologys India. The previous versions of Frappe Technologies 14.99.14 and of 15.94.0 have input validation error holes, which are the result of specially designed registered URLs that may result in a re-direction or reflective cross-script attack.
Vulnerability Type
输入验证错误
Affected Vendor
Frappe Technologies
Published
2026-02-10
Last Modified
2026-02-24
References
https://github.com/frappe/frappe/security/advisories/GHSA-7m8v-g2pr-h2f7 https://github.com/frappe/frappe/commit/22cac9dd240dc1fa00d4bab7e3887b70faf22bd1 https://access.redhat.com/security/cve/cve-2026-25956
Patch
https://github.com/frappe/frappe/releases
Share on: